Managing Sender Policy Framework (SPF) Records

One of the things a mail administrator must understand is Sender Policy Framework or SPF records in DNS. With the advancement in spam filtering, the ability to verify a server is authorized to send email on a domain's behalf is critical. So I wrote a brief introductory article on SocialBizUG.
SPF allows the owner of an Internet domain to specify which computers are authorized to send mail with sender addresses in that domain, using Domain Name System (DNS) records. Receivers verifying the SPF information in TXT records may reject messages from unauthorized sources before receiving the body of the message. Thus, the principles of operation are similar to those of DNS-based blackhole lists (DNSBL), except that SPF uses the authority delegation scheme of the Domain Name System

SPF works for any mail system so deploying it is a must as some recipients are now requiring entries or they block your email.  Read more in the article right here or leave your questions below.

 I even have some links in the article to let you validate your new or existing SPF records.
    for this posting

    On Monday, July 13th, 2015   by Chris Miller        

What is the POODLE vulnerability - back to basics

As we fight to fix the POODLE vulnerability in all systems, we should know what it is. POODLE stands for Padding Oracle on Downgraded Legacy Encryption . In simpler terms it exploits an older form of encryption your browser may use to communicate with servers.
As long as both the server and the client (web browser) support SSL 3.0, the attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. The only answer is for either side or both sides to remove support for SSL, removing the possibility of being downgraded.

So if an attacker can force your browser down to the older SSL 3.0 then they could cause some problems.  While vendors are hurriedly trying to patch their software, pretty much everyone was still supporting SSL 3.0 on their servers and of course your browsers do too. The only true solution is for both the web servers and the browsers to remove support for SSL 3.0 and force everything to TLS (transport layer security).

You can temporarily disable SSL 3.0 (and prior) in your own browsers for the time being.  Just be warned that if a site you frequentdoe not for some reason support TLS then you cannot get a secure connection once you do this.  Firefox will be making an update in late November under version 34 that removes SSL 3.0.  For now you can manually add a SSL Version Control extension to assist.

Google Chrome can be adjusted by simply changing your shortcut to force TLS as the minimal SSL connectivity.  They will have a Chrome update soon that will address it for the end users.

Lastly Internet Explorer (IE) has a manual way fix you can do today. I could not find a date yet on when they will update to fix the problem but in your Advanced tab and the Security section you can simply click to disable older SSL and make sure TLS is enabled for connections.
    for this posting

    On Thursday, October 23rd, 2014   by Chris Miller        

Skype 6.21.104 is consuming way too much memory

I am an avid user of Skype and have let it update itself pretty regularly. Even automatically.  However the Skype 6.21.104 update this week is consuming tons of machine memory. And it continued to grow
Skype 6.2 memory usage

So I uninstalled Skype 6.21.104 to go back to an older version.  My choice was the last Skype 5 version I could find of and ran into a new issue
Since yesterday, all versions of Skype below Skype 6.13 for Windows and Skype 6.14 for OS X are blocked and do not allow you to sign in.

There are all sorts of hacks and workarounds to get old versions to go but that was not what I needed.  I wanted to go back at least a few point releases to lower the memory usage again. So this got troublesome.  Skype has the newest version plus the very slick looking beta.  By the way the beta used even more memory as shown here
Skype beta memory usage

So I dug around for sites with the older version listed. I was lucky to find the whole list on Soft32.  I went back to and got the following memory results
Skype 6.1 memory usage

So for now I will stay on an older version of Skype, even though the new beta was much nicer looking.
    for this posting

    On Thursday, October 16th, 2014   by Chris Miller        

IBM Redbooks launches a mobile app

IBM Redbooks are known as key technical books on deployment to development. IBM has launched a mobile app for IBM Redbooks.
IBM Redbooks mobile app

The mobile app is available for both iOS and Android devices.   Continue Reading here" IBM Redbooks launches a mobile app" »
    for this posting

    On Tuesday, May 13th, 2014   by Chris Miller        

VMWare Fusion 4 review

You can also watch the VMWare Fusion 4 video in full HD on YouTube.

I had the opportunity to get a copy of VMWare Fusion 4 to review and I am more than pleased.  I have been an avid user of version 3 on my Macbook for some time, and enjoyed the ease of working with multiple operating systems for demos and testing.

VMWare Fusion Version 4 stepped up it's game with tons of enhancements, speedier graphics and better stability.  Take a look at the video for more.

Note: the links above are Amazon Affiliate links.  I do hope you buy from there :-)

Also,  make sure you keep up with all the product reviews from Spiked Studio on YouTube.
    for this posting

    On Tuesday, December 6th, 2011   by Chris Miller        

May 2011 Sys Admin Tips is out on

In this May 2011 edition I talk about Lotus' attempt at the Exceptional Web Experience and the following:

* From the Editor: Chris' -0.0123 SOC  
* From the IdoNotes Mailbox: Removing Encryption On a Local Database
* IBM Social Business Toolkit and Wiki
* Quick Tip: Free Sametime Plug-ins
* From the IdoNotes Mailbox: Plug-ins and Updatesite

Make sure you also:

* Register for IamLUG 2011!  The doors are open for attendees, speakers and sponsors.  The event will be FREE for all attendees and is being help Aug 1-2, 2011.

* Register for TackItOn again right after IamLUG.  This full day (paid) event brings Matt White for XPages 201 and Paul Mooney for Lotus Traveler

* Sign up for both the Consultant In Your Pocket and IdoNotes newsletters in the upper right corner of the blog.  Get early notices before the public, webcast information and commentary not found on the blog.  Did I mention the two free whitepapers on DCC and Search in Lotus Notes just for signing up?
    for this posting

    On Thursday, May 26th, 2011   by Chris Miller        

GoogleGroups is becoming a spammer’s paradise

Recently I have been watching not only my own mail account but the logs of caught spam across a ton of customers.  By domain.  You would not think that GoogleGroups would be getting marked, as people subscribe to them for the most part.  What I am finding is that spammers are now creating GoogleGroups and adding huge lists to them. 

Enterprises for the most part will trust Google as an authorized sender.  So unless the email contains words or other variables to set off triggers, they are getting through.  User's are then blocking the reply-to address or all of GoogleGroups, depending on how they were trained or what type of spam filter they are using.

Even the DomainKey and DKIM are matching for hostname lookups since it is Google sending the email.  The funny thing is you may not even use the address being sent to as a Google account, so removing yourself is even harder.

Most of the senders are technology based companies, so reporting them inside of Google is troublesome to do as well, so you find yourself just marking it as spam and moving along.

    for this posting

    On Wednesday, March 16th, 2011   by Chris Miller        

All the world’s flights in a day (video)

A great way to spend a minute and seventeen seconds seeing just how connected the world is.
    for this posting

    On Sunday, January 9th, 2011   by Chris Miller        

Thoughts on "10 ways SharePoint 2010 will impact your Lotus Notes migration"

I received a link from a customer to this ComputerWorld article with the title 10 ways SharePoint 2010 will impact your Lotus Notes migration.  The first thing the article does is make a very bold statement:
Over the past five years, many organizations have abandoned their legacy Lotus Notes/Domino environments

What constitutes legacy?  An application that drives their entire business?  An application that is a workflow built over many years to save huge amounts of costs for the enterprise?

So why didn't the companies move these applications?
Their concerns range from the cost of rebuilding applications on SharePoint to uncertainty about whether SharePoint has the capabilities needed

I beleive they catch the main reason right away.  The article goes on to to start the list of how it is easier, or should be.  Even though they list limitations right away.
1. Scalability: It’s not unusual for Notes databases in large enterprises to contain tens of thousands of documents. Organizations attempting to move this content to SharePoint 2007 ran into some severe size limitations on SharePoint lists and libraries. With SharePoint 2010, however, the recommended maximums for many criteria have more than doubled

So right away they admit even with Sharepoint 2010 there is still limitations in large databases.  They even note this about keyword fields into the managed metadata store.  The scaling and ease of migration is not there.

Office integration, their point #3, is a non-issue.  I think John Head has been preaching this for years in his integration sessions.  This already exists inside the Notes and Domino world

4. Offline Capabilities: Although many of us count on continuous internet connectivity and bandwidth, many legacy Notes applications depend on the ability to “go offline.”  Notes is famous for its ability to replicate to your laptop whatever data you need to continue working while unplugged.

They admit Notes is famous for offline capability so Sharepoint tries to cover this with Workspaces.  They taught that it is based on Groove (no defunct in the grand sense) and the same developers that built it for Notes.  Maybe some, but the movement and capabilities have far outgrown what ehy know and can do.

Sharepoint Online makes it presence known in post #5.  Domino has has hosted offerings for a long time from such partners as Connectria, and now LotusLive.  Nothing new here exept competition they had to offer.  Move along.

The rest of the points were design capabilities which Notes has been ruling for years in the RAD world.  Point 9 even tries to promote workflow.  Are they serious?  Workflow comparisons?  Lotus Notes stomps all over workflow.

So it all made sense at the end being written by a Sharepoint migration partner/specialist. that also runs a blog on the topic.
    for this posting

    On Tuesday, December 28th, 2010   by Chris Miller        

What’s New in Domino 8.5.2 Administration - FREE webcast

On Wed November 17th, at 10am CST, there will be a webcast covering What's New in Domino 8.5.2 Administration.  After the success of these sessions at DANNOTES in Denmark, it was suggested that is was redone as a Consultant In Your Pocket webcast as well.  It will cover the following:
  • Managed mail replicas
  • Forced client ODS upgrades
  • Domino diagnostic probe
  • Administrative accounts for plug-in deployment
  • Detecting corrupt databases
  • Directory assistance changes
  • Miscellaneous changes included!

Head over to the free webcast registration page for the event and get your team signed up!  Remember, it is free and only last just over an hour
    for this posting

    On Monday, November 8th, 2010   by Chris Miller        

How Lotus Greenhouse catalog breaks widget downloads from working

You can also watch the above video in HD on my IdoNotes YouTube channel right here.   A wiki article has been created as well.

After submitting my Lotus Blogger Search Widget successfully to the Lotus Greenhouse Catalog last week (original posting), I was happy to see downloads start.  Then the comments of failure began.  Well after some sleuth work and willing testers, I found the cause and solution which I posted there.  I am more than happy to share those comments and thoughts here as well.  Remember it is not a plug-in, a widget.
In order to successfully download my widget, and future ones successfully, from the Lotus Greenhouse you must do the following crazy steps:

Open your local names.nsf -> Advanced -> Accounts -> entry -> edit -> supply missing credentials -> save and close -> restart Notes -> drag widget again successfully

Basically the widget can only be accessed via a username/password even for the xml file.  So Greenhouse attempts to create a local account.  The local account it creates on the fly can not get your web credentials to the Greenhouse site.  So the error is generated.

Apparently Lotus has known about this for at least 8 months since I found a document addressing it from Feb 2010.  No fix, no solution and a bad way to get it.  I will point users to my blog instead for now.

(Update before this got published)  Lotus has acknowledged this is a Notes regression bug under Spr OAGU88XK87 that worked in Notes 8.5 and broke in 8.5.1 and 8.5.2.  This will make it in 8.5.2 FP1 and 8.5.3 but it is a client fix.  Keep that in mind.

All of this had nothing to do with the widget itself as it only allows you to select text in any Notes document, right click and do a custom search!
    for this posting

    On Monday, November 1st, 2010   by Chris Miller        

IBM Blueworks Live goes live Nov 20th

IBM Blueprint is launching into the next evolution of the software with Blueworks Live.  A web based solution for collaboration in process improvement.  It includes discovery, mapping, documentation and analysis.
Blueprint's ease-of-use, browser-based delivery and wiki-like structure have changed this and allow stakeholders inside and outside your organization as well as across functions, campuses and even oceans to collaboratively participate in process improvement. Blueprint takes the practice of process from the hands of the few and spreads it throughout your organization. In effect, the Blueprint platform becomes the central communication platform for collecting, sharing and improving how work gets done in your organization.

IBM is launching a free (limited) version as well as a paid professional version.  The paid version adds a bunch more functionality such as:
Collaboration with Multiple Users
  • Process Sharing
  • Unlimited Maps & Diagrams
  • Visio Import
  • Templates
  • Printing & Exporting
  • File Attachments
  • Email Notifications
  • Integration with WLE

The addition of Visio import is cool if the online software is just as powerful.  I walked through thr account creation process and it was as easy as filling out 5 lines and then I had a full 30 day trial.  After the 30 days I could pay for pro or keep using the free version (I will see how this works in 30 days).

Image:IBM Blueworks Live goes live Nov 20th
    for this posting

    On Wednesday, October 27th, 2010   by Chris Miller        

September 2010 Sys Admins Tips is out on

In this September 2010 issue I talk about the Domino 8.5.2 release with you and the following:

* From the Editor: Chris' 0.79500 HTG
* From the IdoNotes Mailbox: Changing the Inbox Style for Lotus Protector
* Multi-threaded Replication and More in Notes 8.5.2
* Quick Tip: The One Catch We Found in Domino 8.5.2
* From the IdoNotes Mailbox: Finding Notes Jobs

Make sure you:
* head over to Consultant In Your Pocket and catch upcoming FREE webcasts and full replays of previous webcasts
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
* share this with all your geek friends across the social networks
    for this posting

    On Wednesday, September 22nd, 2010   by Chris Miller        

Lotus Blogger Search Engine widget updated again for Lotus Notes

In order to provide to best results, the custom widget for your Lotus Notes client has been updated with more blogs and removing some that went offline.  You simply grab the widget from the public catalog or download from the below linked posts.   You can also expand this even further by grabbing the plug-in Julian, of SNAPPS, created joining his search bar and the widget together.

If you don't understand what it offers, here is a quick description:
The custom blogger search is based on the Google CSE and now includes over 350 Lotus related blogs, wikis and technical sites. It only searches these sites for speed and web search efficiency.  You can further trim searches down by the categories that are being built such as Sametime and webcasts.  This allows you to find information quickly you know you read on some blog at some point.  PlanetLotus can handle recent lookups, but going further back in the archives is an issue, mainly if they were around before being added.

If you have any questions, please leave a comment.

Related Postings
SNAPPS and IdoNotes launch free search plug-in for Lotus Notes
New widget : Search across all Lotus blogs with a right click

If you need help in deploying widgets and plug-ins, watch this webcast on Plug-in and Widget Deployment for Lotus Notes from Consultant In Your Pocket which covers this very topic.
    for this posting

    On Monday, September 20th, 2010   by Chris Miller        

ThisWeekInLotus recording beinn broadcasted live from NLLUG

Simple, here.

Paul Mooney, Mary Beth Raven, Stuart McIntyre, Suzanne Livingston, me and more..
    for this posting

    On Friday, September 10th, 2010   by Chris Miller        

Consultant In Your Pocket webcasts now via iTunes

If you miss the live webcasts and don't want to sit at the computer watching and listening to the replays for Consultant In Your Pocket, then subscribe via iTunes.  You will get the update as soon as it is posted.   Then watch it on the road, your iPad and more.  There is always the simple RSS feed as well.

Upcoming webcasts include:
Recent replays available include:

Recent whitepapers released:
    for this posting

    On Friday, August 27th, 2010   by Chris Miller        

Dynamic Client Configuration (DCC) for Lotus Notes and Domino whitepaper released

It it great pleasure that I can announce the release of the first in a series of whitepapers from Consultant In Your Pocket/Spiked Studio.  The first white paper focuses on Dynamic Client Configuration (DCC) in the Lotus Notes client and interaction with the Domino server.  The paper simplifies the following areas:
  • History
  • Functionality
  • Troubleshooting

So how do you get your hands on this right away?  Simple.  
Subscribe to the IdoNotes newsletter (make sure you select that group as one of your choices) in the upper right corner of this blog. Within 24 hours you get a welcome email with the link to the whitepaper and notices on the upcoming ones as well.
  From then on stay subscribed to keep up to date with the latest commentary only newsletter readers get to see.  Feel free to subscribe to Consultant In Your Pocket, TheSocialNetworker or simply general interest as well.
    for this posting

    On Wednesday, August 25th, 2010   by Chris Miller        

Domino 8.5.2 with the second most fixes since Domino 7.0.1

Only Domino 8.0.1 has listed more fixes listed (2156) than Domino 8.5.2 in a release according the to the Notes/Domino Fix List database on Developerworks.  With an impressive 1448 fixes to date in the database, this proves to be an incredible feature and fix release for the Domino codestream.  You can read all the SPR's listed for each version, by category as well in the Notes/Domino Fix List database.

Notes/Domino Fix List
    for this posting

    On Thursday, August 19th, 2010   by Chris Miller        

August 2010 Sys Admins Tips is out

In this August 2010 issue I talk about the cloud over coffee with you and the following:

* From the Editor: Chris' 1.0000 LUG
* From the IdoNotes Mailbox: Are Agents Executed At Once?
* LotusLive Hosted Notes
* Quick Tip: Spellchecker in 8.5.1 Doesn't Skip All
* From the IdoNotes Mailbox: Sametime 8.5.1 Released, Now What?

Make sure you:
* head over to Consultant In Your Pocket and catch two upcoming FREE webcasts (one being August 18th!! )  or free   full replays of previous webcasts
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
    for this posting

    On Tuesday, August 17th, 2010   by Chris Miller        

FREE "Bag O’ Schwag" at upcoming webcasts from Consultant In Your Pocket

With some awesome upcoming webcasts at Consultant In Your Pocket (for awesome online Lotus related training) and due to the great sponsors, we will be giving away a "Bag of Schwag" to some attendees drawn for each webcast.  Consultant In Your Pocket will begin giving away the "Bag O' Schwag" at the following webcasts** you need to attend:

Join Kathy Brown as she returns to provide you a fun session "Going Beyond Deploy and Pray"  on August 18th 2010, 10am CST,  covering the following:

Thanks to Lotus and Domino’s rapid application development platform, many developers find themselves in a deploy-and-pray application release cycle.  That can be fine for simple applications in uncomplicated environments, but what happens when the feature requests get more and more complex?  Come hear about different techniques for managing Lotus and Domino application deployment and how to get beyond deploy-and-pray!

You can register for Deploy and Pray  immediately right here.

Join Tom Duff and Marie Scott (Tommy and Marie as they are known now) on Sametime: A Users Perspective taking place August 25 2010 at 10am CST .  With the pending launch of their upcoming book on this very topic, follow along as they take you down the path of what a user sees in your environment and how to better think like them when deploying features and functions.

You can register for Sametime: A User Perspective right here

** Yes, we will be using the webcast attendee names of those that actually attend (not just register) to be fair.  You can always watch the replay online after the event, but then you only get to see virtual "Bag O' Schwag".
    for this posting

    On Monday, August 16th, 2010   by Chris Miller        

July 2010 Sys Admins Tips is out

In this July 2010 issue I talk about bandwidth for granted and the following:

* From the Editor: Chris' 0.152847 ZAR
* From the IdoNotes Mailbox: How Do I Remove Recent Contacts
* Recent Contacts - A New Evil?
* Quick Tip: Domino 8.5.1 FP3 Forgot the Router FIx
* From the IdoNotes Mailbox: Lotus Notes 8.5.1 Client Crashes

Make sure you:
* head over to Consultant In Your Pocket and catch one of the upcoming free webcasts or free full replays
* head over to IamLUG and register for the upcoming North American Lotus User Group meeting in August 2010
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
    for this posting

    On Wednesday, July 21st, 2010   by Chris Miller        

TDI for Developers - the webcast tomorrow

Tom Duff and Marie Scott are doing an awesome developer session on Tivoli Directory Integrator (TDI) for Consultant In Your Pocket.  There are a few slots left to attend (really just a few) for some of the best tips to utilize TDI in your dev planning..

Join Marie Scott and Thomas Duff as they introduce you to the fundamentals of Tivoli Directory Integrator and then show you how you can set up your own TDI jobs to take your data synchronization requirements to the next level.  In this session, the focus will be on non-directory data integration from a development standpoint, with a future session targeted towards the administrative use of TDI to synchronize directories across operating systems and platforms

 They are also planning the TDI for administrator sessions to follow shortly
    for this posting

    On Tuesday, April 27th, 2010   by Chris Miller        

Announcing the Lotus Custom Blogger Search Engine


I had this in the works for some time, but the list was not fully up to date.  It is now updated with all the Lotus blogs I could find.  I built a Google Custom Search Engine to weed out sites that try to use keywords to draw some of the search focus away.  This way we can quickly sort through all of the blogger and technical Lotus content with a narrow focus of a half a thousand sites.

You will always find this engine in the search section on the right side of my IdoNotes blog homepage. I went ahead an embedded it in this posting as well for you to start using and sharing.  If you or any site is missing, the index is building still.  If by Monday you do not show, ping or email me and I can quickly verify with some filtering.
    for this posting

    On Friday, April 23rd, 2010   by Chris Miller        

Awesome new Consultant InYour Pocket webinars and site redesign

April is turning out to be a big month.  Consultant In Your Pocket webinars are going strong the next two weeks with the following:
The site itself underwent an overhaul in look and feel last night.  It also has it's own RSS feed for you to keep up to date with all the new dates.

There is a bunch of upcoming webinars planned covering Lotus Protector, policies, DAOS, ID Vault and more.  Too many to list.  So get over there, register and share the events as well with other administrators, developers and user groups

Image:Awesome new Consultant InYour Pocket webinars and site redesign

    for this posting

    On Tuesday, April 13th, 2010   by Chris Miller        

March 2010 Sys Admin Tips is out

In this March 2010 issue I talk about filtering yourself (or not) and the following:

* From the Editor: Chris' 0.0133167 FKP
* From the IdoNotes Mailbox: Move Sametime Server to Existing Domino Server
* Quick Tip: How Does a Consistent ACL Affect Local Replicas?
* From the IdoNotes Mailbox: What is LotusLive iNotes Versus iNotes?

Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
    for this posting

    On Tuesday, March 16th, 2010   by Chris Miller        

February 2010 Sys Admin Tips is out

In this February 2010 issue I talk about the start of Lotusphere 2010 and the following:

* From the Editor: Chris' 0.0518 XCD
* From the IdoNotes Mailbox: ICM and iNotes Return
* Directory Independence has Been Pulled From Domino Plans
* Quick Tip: Multiple Attachments In iNotes Showing Incorrectly
* From the IdoNotes Mailbox: Which Domino Blog Template Should I Use?

Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
    for this posting

    On Thursday, February 25th, 2010   by Chris Miller        

January 2010 Sys Admin Tips is out

In this January 2010 issue I talk about the start of Lotusphere 2010 and the following:

* From the Editor: Chris' 1.2010 MMD
* From the IdoNotes Mailbox: Business Card Photos in the Domino Directory
* Quick Tip: Disabling Remote Images in Lotus Notes Mail For Security
* From the IdoNotes Mailbox: Large File Uploads in Quickr

Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
    for this posting

    On Wednesday, January 20th, 2010   by Chris Miller        

Top posts in 2009 from the top 20 bloggers on PlanetLotus (from all bloggers)

Instead of going back into my own posts (there was 155 for those counting in just this blog), I decided to see what the hot topics were for 2009 on PlanetLotus from the listing of top hit blogs total.  I did not see a view for the overall top postings, so I wanted to see the top from each of the below.  Also, it seems it did not go all the way back in 2009 for each blogger based on how much they post, not sure oh what the history retention is.
Ed Brill Notes/Domino 8.5.1 available: So what do you think?
Volker Weber Collaboration for Dummies
Chris Toohey Project Abbr - TinyURL-like solution for Lotus Notes Domino!
Peter Presnell Notes 8.5.1 Helps Break Box Office Record
OpenNTF blog Four new Widgets available on OpenNTF
Declan Sciolla-Lynch Learning XPages Part 1 : Application Objectives
Carl Tyler IBM is slowly phasing out Domino in favor of newer platforms
Gregg Eldred Memory Leaks in Domino 8.5.x
Bruce Elgort Our biggest competitor. It's not who you think.
Keith Brooks "We are going to use Google Apps"
Notes Design Blog Notes 8.5.1 is generally available today! Here is a presentation that covers most of what is new
Arne Nielsen Lotus knows where to find a good screensaver for you!
Xpages Blog What's New For XPages in 8.5.1
Jake Howlett HTML Emails With LotusScript Just Got a Whole Lot Easier | Blog
Paul Mooney What mobile device do I choose?
Mikkel Heisterberg Open Office / Lotus Symphony will be in trouble
Graham Dodge IBM prefers MS Word ...
Chris Miller IdoNotes Episode 66 - Quickr on the iPhone launch with project Jonathan
Vaughan Rivett Is IBM secretly planning “Lotus Notes 8.5.1 – Home Edition”?
John Head Notes 8.5.1 bring us a true Lotus Symphony API!

*** as a side note I did remove the LinkJam entry since it was a link to another place and not an individual or team blog posting
    for this posting

    On Monday, January 4th, 2010   by Chris Miller        

December 2009 Sys Admin Tips is out

In this December 2009 issue I talk about my annual goofy & geek Christmas gifts and the following:

* From the Editor: Chris' 1.0000 XMAS
* From the IdoNotes Mailbox: Mail Disclaimers on NRPC mail
* Configuring Sametime and iNotes (Domino Web Access)
* Quick Tip: Are You Running DAOS on i? There Are Immediate Fixes
* From the IdoNotes Mailbox: BES 4.1.7 and Domino 8.5.1

Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
    for this posting

    On Thursday, December 17th, 2009   by Chris Miller        

November 2009 Sys Admin Tips is out

In this November 2009 issue I talk about the following, and pay special attention to the "Win the Fight to go to Lotusphere" section:

* From the Editor: Chris' 0.159650 MOP
* From the IdoNotes Mailbox: Transaction Logging the Notes Client
* Win the Fight To Go To Lotusphere
* Quick Tip: Google On the Hostname Change Game Again
* From the IdoNotes Mailbox: Deploying Signed Widgets and Plug-ins

Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
    for this posting

    On Wednesday, November 18th, 2009   by Chris Miller        

IBM opens SWAN - no not the Lotusphere hotel

SWAN will be your email answer place for all your software questions, according to this:
Get your software, pre-sales questions answered on SWAN, the IBM Software Answer Network. You can ask sales, strategy and technical questions. When you submit the question, SWAN automatically routes it to one of our 1,200 IBM Software Group experts. Once the question is answered, you are promptly notified by e-mail.

The IBM tool that provides simple search against a wide variety of published technical resources across over 70 data sources is known as Business Partner Q&A (BPQA)

Now, I tried to log in and you do need an IBM id first.  You are directed to the BPQA (Business Partner Q&A) first.  You must search first befire you can submit any question, which actually make sense.  Acronym lookups are available to help in understanding what you are searching for or what they are requiring. Here is a sample screenshot of the Q&A busy busy page.

Image:IBM opens SWAN - no not the Lotusphere hotel

I hope I didn't forget to mention:
Some eligibility criteria apply.  Entitled Business Partners can ask a new question using Software Answer Network, or SWAN. SWAN is available to Advanced and Premier level Business Partners and Value Added Distributors. Member level Business Partners who have purchased the Value Package can also ask a new question using SWAN.

    for this posting

    On Monday, November 16th, 2009   by Chris Miller        

October 2009 Sys Admin Tips is out (oops almost forgot)

In this October 2009 issue I talk about the following, and pay special attention to the editor comments section:

* From the Editor: CHRIS' 8.86624 XOF
* From the IdoNotes Mailbox: The ID Vault and Lotus Notes 7.0.2
* To Package or Not Package My Client Deployments
* Quick Tip: Lotus Notes 8.5.1 Calendar Drag
* From the IdoNotes Mailbox: Sametime Gateway Sizing

Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
    for this posting

    On Tuesday, November 3rd, 2009   by Chris Miller        

September 2009 Sys Admin Tips is out

In this September 2009 issue I talk about the following:

* From the Editor: CHRIS' 0.0542000 SRD
* From the IdoNotes Mailbox: Two Out-Of-Office Agents Per Mailfile
* Potential Security Issue with Microsoft Excel File Viewer in Lotus Notes
* Quick Tip: Display Your Current Timezone in the Business Card Feature
* From the IdoNotes Mailbox: Too Many Mobile Device Types

Use the discount code of "IdoNotes" to get up to 25% off your CertFX practice exams for certification
    for this posting

    On Wednesday, September 23rd, 2009   by Chris Miller        

Domino 8.5 is doing the disk space savings dance here

We had been doing it in testing mode but went a little larger scale with the new DAOS (Domino Attachment Object Service).  It works, right out of the box folks.
  • Set up transaction logging
  • make the ODS in 8.5 format (50)
  • click a few flags
  • start firing off the attachments

The benefits of usage and savings were staggering in the on disk sizes.  Savings were in the 40-50% range right now.  Here is the good news many people are missing.  It is not shared mail in any way.  it uses new NLO (Notes Large Object) file types and the darn thing works across ANY freaking database that shares the attachment and is enabled for DAOS.

DId I say any database?  Yes, discussions, and soon I would think Quickr.
    for this posting

    On Wednesday, August 20th, 2008   by Chris Miller        

July 2008 Sys Admin Tips Newsletter is out

Topics for this month's newsletter include:
* From the Editor: Chris' 0.021135 CAD
* From the IdoNotes Mailbox: Sametime Issue for the Blackberry
* Overcoming Issues Using Lotus Sametime with an IP Sprayer
* Quick Tip: Lotus Notes Traveler 8.0.1 Releases HotFixes
* From the IdoNotes Mailbox: Placing a Pilot Domino 8 Server in the Same Domino Domain

Leandro from IBM Brazil also emailed me already and pointed out that the tip for piloting omitted (maybe during editing, who knows) that you should create non replica template copies or set the replication for that server to not include any .ntf files.
    for this posting

    On Thursday, July 31st, 2008   by Chris Miller        

Epilio did in 2 days (free) what Lotus hasn’t done for Sametime in 8 years

Carl pinged me over the beloved Sametime Gateway before announcing it to the world so I could beat it up the new Sametime Buddylist Control Tool from Epilio (did I mention free).  While it is strictly a command line interface, it only took them a couple days of downtime to create this.  There are images of it in action on the website.

So the basics are this:
  • You could never give users a pre-defined buddylist
  • Users had to manually go in and add public groups/private groups and people
  • You want someone in particular added to buddylists, like a bot name
You get the general idea there.  Basically manipulate the buddylist how you see fit.  I would like to see this with a pretty UI wrapped around by someone, but I will take this awesome toolset as is for now.

The install was simple.  I chose to place it on my Sametime server directly for testing.  You can install on another machine, but then you need to trust the IP of that machine in stconfig.nsf.  I skipped that for testing.  Large amounts of processing will take time, of course.  But i was quite fast and the results are immediate.  Here is the real kicker to the whole thing.
The tool can run while the server is up and the user is logged in.  No downtime

Carl and his team at Epilio went as far as to create an actual manual with screenshots that can be found right here. in pdf format.  Amazing job and a welcome toolset for my team.
    for this posting

    On Tuesday, July 29th, 2008   by Chris Miller        

Warning and request to these awesome Notes 8 sidebar app developers

I have seen some excellent sidebar applications for Notes 8 being generated recently, all with the developers starting their own update sites.  Before I list them, here is the issue and warning:
I need you to create these in one of two ways:
1. as a downloadable feature in a zip file
2. or in a siteupdate database I can import.

One of the below sites I visited today gives specific instructions on how to change the client to allow remote site updates.  Unfortunately, policies will revert and disable this for all the users.  By providing me with one of the 2 options above, I can guarantee my users will get the plug-in and I can control distribution, security and resigning.  I also do not allow them to go to outside update sites from those that I specifically list in my configurations.  I really want them to use your apps, but it has to be controlled on this end.  If you need help in building a site, let me know.  I can easily assist.

Some cool ones:
  • SideLog by Jeff Gilfelt - awesome tool for working with the Notes log files
  • Formul8 also by Jeff  - a developer tool to write formulas
  • SecretAgent  again by Jeff - see all the agents in a database
  • TwitNotes by Mikkel - unfortunately I think it is broke for 8.5

Update: John Head in the comments mentions the widget.  Unfortunately that is now a requirement for your site to work, Lotus broke plug-in control and I won't allow foreign widgets that pull sites either and no one else should.  Good comment John.
    for this posting

    On Tuesday, July 22nd, 2008   by Chris Miller        

Using TweetScan to keep up with unhappy Notes users

I have been using TweetScan for some time now to poll Twitter for those that mention Lotus Notes in their tweets.  What you find is amazing sometimes.  Here is some excerpts.  I have my scans set to email me daily..
** qrush : Lotus Notes may very well be the most over-complicated office tool ever devised by mankind. It's a UI disaster
** aaron_miller : Woo upgrading to Lotus Notes 8 tonight
**        careca : lotus notes blows! give me gmail!
** ckwebgrrl : Hating Lotus Notes... I'm starting to sound like a broken record :(
**        aaronmcohen : Lotus Notes works again....Oh I see all the meetings I need to go to.....damn!
**        seanjackson : oh, lotus notes, how I hate you so....
**        whitneyhess : @mariobourque Ooh you're right. There is something worse than Outlook. Lotus Notes!
**        richrecruiter : Retweeting @kellsworth: Lotus should have been left to karate and plants, and stayed away from Notes and emailing.

So what you find is people that have either bad installs or badly managed environments.  You could go on for days reading these as they come across but I thought others might find it interesting.

You can also expand this and make more scans for your company name, product or even yourself.
    for this posting

    On Monday, June 9th, 2008   by Chris Miller        

Why the current Eclipse Update Sites in Domino sucks

Easy, it doesn't work and is configured in the wrong place (NOTE: the actual template used rocks, hands down.  The process is broken).  I was prompted to write this after the article on came out touting the feature.

EDITOR NOTE (May 21 1pm): Everyone understand, the Eclipse Update Site template is one of the better things Lotus has created and shipped that outshines other site update tools.  I love the template and the guy that write it (hey to TG on amazing work as usual).  I am only talking about the process by which the client uses this template.

Instead of using policies in Notes 8 to force clients to see an update site, they chose server configuration documents.  Let me break down what is bad about that in a moment.  Currently, most every admin will want to make sure the ability for clients to install their own stuff is turned off.  Ok, that works.  However, you must then place an update site link in the server configuration doc that the user never seems to see.  Why the heck didn't you use policies?  The server configuration document has the global setting for both Smart Upgrade and then Provisioning, but the Desktop settings policy only has Smart Upgrade as shown here:

Image:Why the current Eclipse Update Sites in Domino sucks

So what is expected is that each user will hit the server and see the server configuration document.  This in turn will somehow get them the provisioning database or site.xml from there.  Well this opens another can of worms.  We teach and implement multiple places to reduce the extreme number of server configuration documents and to simplify.  But if I want users on different home servers to hit alternate update sites only, then I have to go back and create multiple server configuration documents.  Conflicts terribly.  The site update database was built with replication in mind.  I can create it once, push it out all over and have users hit sites local to their area for performance.  With a policy I would be all set.

The real kicker here is that the client never seems to see this new setting and never gets the provision on a consistent basis.  I have had one or two magically work, and others never work.  All at the same server with the same version of client.  Riddle me that Batman, both why it sometimes works and why it isn't in any policy setting to do controlled/distributed provisioning.
    for this posting

    On Wednesday, May 21st, 2008   by Chris Miller        

Notes 8.0.1 Standard on Citrix - can you count to 4 users only?

So the internal NOC team here uses Neoware thin clients to connect to the Citrix 4.5 server.  Today the Windows guys decide to upgrade to 8.0.1 Standard and find that each user was, as expected, using lots of memory around 400MB each.  With the machine it runs on being a dual processor with 3.5 GB of RAM, they had higher expectations.  So after everyone came on day shift and logged in as usual, the machine started grinding.

Unfortunately, they want all the bells and whistles, but back to basic mode they have to do.
    for this posting

    On Thursday, May 8th, 2008   by Chris Miller        

Visually trending talk of Lotus Notes on Twitter

I ran across a tool called Twist which gives a graph of how many times words or phrases are used in Twitter.  For fun, I did Lotus Notes versus Microsoft Exchange (using just Exchange gave every instance and was to much).

Image:Visually trending talk of Lotus Notes on Twitter

The downside was that many of the Lotus Notes postings were negative.  How about some more positive tweets?
    for this posting

    On Thursday, April 24th, 2008   by Chris Miller        

Do your users understand a stoplight signal?

If they happen to be able to know what to do when they see green, yellow and red, then this should be simple.  From the words of one of our customers
Lotus could not have made seeing quota limits any easier and for training users on new features in 8.0.1 as we deploy

Image:Do your users understand a stoplight signal?
    for this posting

    On Wednesday, April 23rd, 2008   by Chris Miller        

Taking S/MIME out to pasture

I sent a Twitter yesterday on how I was overlooking the obvious in setting up some secure mail between two sites.  They wanted to use S/MIME.  Did both run Notes? No.  That would have been easy with sharing of public keys and letting them encrypt until they couldn't breathe.  This was a Notes to another email package.  So the theory was creating X.509 certificates, passing them out like Halloween candy treats and hoping everyone nibbled.

Then it hit me.  Why are we going through so much work here?  So we got a common and known Internet certificate for both servers, made sure that the other side could understand it and forced all communication via TLS from SMTP to SMTP.  Their whole point was encrypting data between the Internet flow, not necessarily once it was received since multiple people may need access to the data.

We set Domino 8 to force the TLS conversation and stop if it could not make one.  We made sure the other server understood to start a TLS conversation when asked and off we went.  Secure Internet mail flow between disparate sites at will.
    for this posting

    On Friday, April 18th, 2008   by Chris Miller        

Bug in the Sametime Advanced installer - Applianceware version

If you attempt to run the ApplianceWare installer on Linux for Sametime Advanced, you will notice that the plugins for Websphere fail, which in turn breaks the entire install of course.  Some examination shows that line 167 in the installer file refers to a directory with an Uppercase while the actual install file creates it with a lowercase.  So I edited the installer for the ApplianceWare version and the install went off just fine.

Chalk one more up on the wall.
    for this posting

    On Thursday, April 3rd, 2008   by Chris Miller        

The attendee love/hate of ND8 - Copenhagen

Surprise, disappointment, amazement, laughter.  We got every reaction possible.  Andy and myself fended off countless questions from a fully packed house.  The extra seats we planned open were taken by some last minute drop-ins that registered.  So what did we learn this city?
  • 95% of the attendees use Sametime
  • 100% were at 6.5.x or higher and wanting to go to Domino 8.0.1
  • Not having Citrix support already for the Standard client made more than one of them very disappointed
  • Widget policies were a selling point
  • Lotus Connections, Lotus Protector and mainly Productivity Tools were not anything they cared about.  Did I mention Productivity Tools?
  • Companies in size from 250 users to 40,000 all really use Domino
  • Some admins are lucky when they get to go to Brazil for 9 days to install one Domino server
  • Lotus Foundations is a cool product if you don't already have a Domino domain, which they all did of course
  • Integration of Sametime is awesome
  • Integration of Activities is confusing
  • The Sametime Gateway is of interest to them
  • Coffee breaks are not often enough, mainly after huge lunches
  • Attendees love free tools that we give away
  • Expanded policy control for desktops and security will be implemented right away
  • People are tired of Smart Upgrade and want full provisioning

I am sure there is a few other I will add in.  To summarize, the love Domino 8 and wish there was few more things that had made it into the product at the same time.  Social networking over here is not popular, while internal chat is.   They always have very specific and unique questions that we love getting answers to for them.  So excuse me while I collapse, eat a final dinner here and then head home tomorrow .  Check my "Where am I headed" tab to see the cities I have booked up.
    for this posting

    On Wednesday, April 2nd, 2008   by Chris Miller        

"Update Status after login" error in 8.0.1 - close to solving

Every time the client goes into a standby (not hibernation but definitely where Windows closes the screen down and stops spinning the disk, the error shows.  I let  a machine sit and then logging in gave this

Image:"Update Status after login" error in 8.0.1 - close to solving
    for this posting

    On Friday, March 28th, 2008   by Chris Miller        

Remove your DNS Blacklists? One spam provider says so

Our customers have forwarded a blog posting from Mayflower Software that suggests you remove DNS blacklists and then let their software handle everything for spam.  While there is one valid point, adding an immeasurable load to your Domino server is not something I suggest.  many of the comments on the blog post reflect that fact as well.
I hate to discourage the use of any technique that can stop spam, but I think DNS blacklists should no longer be used by Lotus Domino (IBM Domino) email administrators.

So then jump down to the comments and see what others have to say:
Blacklist can produce false positives but really have positive impact on load. Especially when our SMTP server have limited bandwidth and ratio rejected/accepted messages is high as on our server (we have over 90% rejected connections). Then disabling DNS blacklist does mean that our load on line will be 10 times bigger which is of course unacceptable.

So to our customers that saw this, I write my opinion here.  While someone may be blocked accidentally for whatever reason, there is the phone.  The load that could come from this on your server is not worth letting a Domino based spam solution solve.
    for this posting

    On Friday, March 28th, 2008   by Chris Miller        

NotesPing as a server setup tool?

Another interesting bout with unknown causes of server setup failures on an additional Domino server.  We were setting up a hosted server, that was to get the necessary data through a private connection with an address supplied by the IT team at said company.  We could hit that IP address over port 1352 successfully, so all was good there.  However, the server setup would always stop at 20%, which normally means that it cannot connect.  Yet even a simple telnet showed that it connected fine.  So as we were about to cheat and have them zip and send names.nsf and some other stuff to set the server up locally and then let replication take over, NotesPing was quickly tossed on the server to some interesting results.:
Determining path to server XXX.XX.XX.94
Available Ports:  TCPIP
Checking normal priority connection documents only...
Allowing wild card connection documents...
Enabling name service requests and probes...
Checking for XXX.XX.XX..94 on TCPIP using address 'XXX.XX>XX.94'
  Connected to the wrong server SaidServer2/SaidDomain using address XXX.XX.XX.94
  Connected to the wrong server SaidServer2/SaidDomain using address XXX.XX.XX.94
  Unable to connect to XXX.XX.XX.94 on TCPIP (Connection denied. The server you connected to has a different name from the one requested.)
Checking low and normal priority connection documents...
No default passthru server defined

So NotesPing showed us that the server they gave us as an IP address and name, was not the right one for one of the two variables for the setup.  Correcting either the IP address for the SaidServer or the server name for the IP address solved the issue.
    for this posting

    On Monday, March 24th, 2008   by Chris Miller        

Understanding the new AOL IM filtering rates

Some of you hopefully read the posts and technotes regarding the new filtering rates that AOL has deployed against chats coming through the Clearinghouse.  Well I started getting emails and pings asking what it all meant.  So to honor everyone's requests, I did some digging around with AOL people to get some answers:
  • The rate limit numbers are not linear
  • The rate limit numbers are built dynamically with an algorithm, meaning each company will be different
  • If you run a bot that does heavy traffic, like an automated helpdesk or query bot, through your Sametime Gateway into the Clearinghouse, you may contact AOL to have it provisioned

So as you see there is no hard numbers per customer, per connected Sametime Gateway.  It is a dynamically changing rate based upon your normal usage.  Now I know they do not have 40 guys that are there doing simple math charts.  Which means that if you suddenly spike the amount of traffic you are sending through the gateway into the AOL Clearinghouse, you might get limited down until they figure out what is going on.  Meaning you might end up calling them.  So if you are implementing a new bot, I would get in touch with them and get it provisioned first

Make sense?  If not let me know.
    for this posting

    On Friday, March 21st, 2008   by Chris Miller        

March Sys Admin newsletter is out.

Get yours today hot off the presses!

* From the Editor: Chris' .4630821 VGS
* From the IDoNotes Mailbox: Bringing Together Multiple Sametime Services
* Part 2 of 3: Domino Monitoring and Reporting
* Quick Tip: Can Both Lotus Sametime and QuickPlace/Quickr Be Installed on the Same Server?
* From the IDoNotes Mailbox: Websphere Books For the Sametime Gateway and Sametime Advanced

    for this posting

    On Thursday, March 20th, 2008   by Chris Miller        

GoogleTalk expands to AOL with Open AIM

Image:GoogleTalk expands to AOL with Open AIM

They are not federating the two services, rather Google grabbed onto Open AIM and said why not log in from our interface into both.  So Google Talk becomes a consolidated IM client.
    for this posting

    On Monday, March 17th, 2008   by Chris Miller        

Domino 7.x and higher HTTP server bug we found today

Due to a very bad UPS device, thrown circuits for protection and gremlins, we had a hard crash on some servers this morning.  So here is what we found out.

All the Domino servers restarted successfully as a core, but any server that had HTTP in the servertasks= line would not fire up the task after the hard shutdown.  We had to manually go in and start it to clear the alert.  This was on all the servers 7.x and higher (sorry no older ones to test on)

    for this posting

    On Wednesday, March 12th, 2008   by Chris Miller        

February started a 3 part Sys Admin newsletter series on monitoring

I just presume most of you see, read or subscribe to the Sys Admin newsletter.  But as I sat here writing the March edition, I realized you may not.  So get over and catch up darnit.   There was a Blackberry series last year and right now is the middle of a monitoring series.

What are you waiting for?
    for this posting

    On Friday, March 7th, 2008   by Chris Miller        

review of new chat product Digsby

I posted this at my alter blog but it sure consolidates a lot of my efforts quite nicely.  It is lighter than Trillian Astra, at this point, which is a nice touch also.  Take a peek and grab the beta.
    for this posting

    On Wednesday, February 27th, 2008   by Chris Miller        

LinkedIn goes mobile - wap and iPhone (does anyone use it?)

You can catch the posting from their own site here, but the following image shows what they offer

Image:LinkedIn goes mobile - wap and iPhone (does anyone use it?)
    for this posting

    On Monday, February 25th, 2008   by Chris Miller        

Interesting pop-up during 8.0.1 install

Image:Interesting pop-up during 8.0.1 install

Interesting since it was a workstation...  with an upgrade happening  ..from Notes 8.0
    for this posting

    On Monday, February 25th, 2008   by Chris Miller        

Upgrading to Lotus Notes and Domino 8.0.1 document

If you follow my Lotus Support Mega RSS Feed that I created for all of you (including widgets) then you would have caught this.  If not...  here

IBM Lotus Notes and Domino 8.0.1 (including Lotus Domino Web Access and Lotus Notes Traveler) are now available to address issues and provide new features. The following document contains important resources to assist you with your upgrade to Lotus Notes and Domino 8.0.1.

    for this posting

    On Tuesday, February 19th, 2008   by Chris Miller        

A Lotus Support Mega Feed widget and Google Gadget for you..

I created a Google gadget of this also but I am piping my LotusChannels Jaiku feed into Dapper to make some widgets and gadgets. Then we can toss this into the Notes 8.0.1 widget sidebar and viola!
Note that you select which technote you want and click the twisty to have it slide open to see more of the entry

 Add to your site powered by Dapper 

    for this posting

    On Tuesday, February 5th, 2008   by Chris Miller        

Well the kids already have Sametime, who not this..

One part of me really doesn't want to know this much all the time.  The new age parent says this is a great ideas.  See the image..

Image:Well the kids already have Sametime, who not this..

Seems to me the old idea of be home by dark is gone.
    for this posting

    On Monday, January 7th, 2008   by Chris Miller        

Sametime 8 client hotfix issued - I saw this one coming

Issues have come about with the deployment of the Sametime 8 client.  There is some missing pieces to the provisioning mainfest that will prevent the ability to properly upgrade/update the client in the future.  If you already have 8, you have to get the patch out there.  If you are just staring to deploy Sametime 8 clients, then get this in place first.  This technote goes into full detail on the fix and what is being changed.
Without implementing this fix, administrators will not be able to successfully maintain Sametime Connect clients and keep them up-to-date with the latest maintenance releases.

If the Sametime 8.0 Connect client has not yet been deployed, administrators can simply replace the provisioning manifest (also known as the install manifest) with the updated one included in the download package referred to above. This issue impacts both the stand-alone client installation package as well as the Network Client Install (NCI) package.

    for this posting

    On Saturday, December 29th, 2007   by Chris Miller        

Symbaloo desktop review (updated via Alan)

Alan and Carl had both posted on Symbaloo.  While I was doing a site review for the other blog, I figured it might well fit into this one as well.  This site actually has a hidden social networking hook, allowing you to create custom pages and send them to others to use as their desktop.  Much like Pageflakes does in theirs where I already created pages for Notes bloggers and the Lotus Support RSS feeds.  (listen to my podcast interview of the Pageflakes founder, a former Notes guy)

Since there are screenshots on the other pages (including webware) I will leave those out but tell you what I think.  The iconic type desktop works well overall.  While some of the icons actually utilize the main center window to show the results of what you click, others open new tabs or browser windows (found in settings).  You actually get the most function by making your own pages and adding content that you want.  There is more than a handful of built in widgets and feeds, from there you can also add your own site or feed. There was 2 Gmail links.  One took you to the actual Gmail login page in a new tab, the other was a functioning widget.  I would suggest they blow the new tab one away and stick with the widget to keep you in their page.  I also found I could not drag the icons between pages, which is something we are used to in Notes for sure.

What I didn't like is how most of their icons they provide of them simply took you to the site.  You cannot enter your credentials and have it log in and bring you some form of miniapp window.  Symbaloo is a visualization of your bookmarks.  But there is no way to take my existing bookmarks and make them a visual page!!  That bites.  I also could not find a way to import an OPML stream to have it populate pages with existing feeds I watch.  RSS streams in the blocks would make this site somewhat useful, but I still prefer Particls, Spokeo and now Streamy.  I found places to manually enter single bookmarks and manually enter a single RSS feed, both labeled beta at this time.

You can create links for audio streams and use widgets for Last.FM.   But the widget area has a lot of room to grow before it is very useful.
    for this posting

    On Friday, December 28th, 2007   by Chris Miller        

Microsofts first thoughts into social networking

I will say this first, I do have my issues with Lotus Connections.  So this is not a Microsoft or Lotus bashing post.  It is a posting directed towards social networking in the enterprise.  Many of you know I run an alter-ego blog at TheSocialNetworker.  I am starting to get more site review requests that I can run through in a timely manner, so I take the ones that look the most interesting and go from there.  So I ran across a slide set found here that was co-presented by Peter de Haas at the end of November 2007.  I see he and Stuart had some comments back and forth when I went looking in his archives.  In the set there was the following slide towards the end:

Image:Microsofts first thoughts into social networking

If you take the second line that says Microsoft 2007 Office System, you could go with either Lotus or Microsoft on this one.  So without reading what Stuart had to say on the topic, I have my own thoughts.  Both of the companies are fighting for what the consumer (public) space already has in abundance.  The question are:
  • how to relate it to business usage
  • secure the data
  • get people to utilize it
  • allow outside data to be referenced and pulled in
  • give the users the Ohh's and Ahh's they find on the consumer side
  • provide presence both for internal and external awareness
  • open the system to pull in external feeds in a structured and loose manner (ie: Attensa and user defined feeds)

The approach on the underlying purple, blue and green colored areas above fit into both vendors.  The question is who can make their product grow up the quickest and maybe pay attention to suggestions (cough cough)
    for this posting

    On Wednesday, December 26th, 2007   by Chris Miller        

IBM shows off Metaverse

I just came across an article on discussing IBM Metaverse project.
IBM's Metaverse virtual reality software ... Though still a bit rough around the edges-it won't be mistaken for Second Life-some 2,200 IBM staffers are testing ways to collaborate with colleagues in the Metaverse, according to Mike Ackerbauer, innovation manager for collaboration development at IBM.

Ackerbauer said IBM staffers leverage IBM's internal virtual conferencing application through Web services to have online meetings in 3D.  This approach is a boon for IBM employes, who are spread out all over the world.

The meeting room Ackerbauer showed eWeek was sparsely furnished, but serviceable, with a screen on the wall to simulate the typical conference room.

What interested me was the statement in the article that they are looking for VOIP solutions inside of it, including hooking it to Lotus Sametime.  Forget making profiles in Lotus Connections, get ready to make avatars.
    for this posting

    On Friday, December 21st, 2007   by Chris Miller        

Update on ’Click to Map’ and ’Convert to Call’ Blackberry posting

I posted a couple days ago on the missing feature that we saw at Lotusphere2007, but didn't seem to surface in the Sametime or Blackberry messaging client.  Well I finally got some updates from same avid readers to the blog across timezones (I love the Internet) :
The demo that was shown at Lotusphere used the Ascendant to bridge all the Sametime users into a conference call.

Then another update showed from someone else putting it all together
Today, you are "linking" a Sametime user to an entry in your address book so that you get the added menu items of "Email, Call, SMS, MMS."  RIM will add the Click to Map feature

Looks like a winner when it arrives!
    for this posting

    On Wednesday, December 19th, 2007   by Chris Miller        

’Click to Map’ feature with Sametime and Blackberry - where did it go?

I happened to be poking around Lotus Greenhouse and saw a bookmark from January 2007 (Lotusphere2007) for a press release between Lotus and RIM.  It highlighted the new "Convert to Call" and "Click to Map" that would be possible.
RIM Showcases Unified Communications Breakthrough for Blackberry Users At Lotusphere
RIM is showcasing a new feature called "Click to Map" that will allow users to generate maps on a Blackberry handset within the context of a Lotus Sametime session.  The "Click to Map" feature will launch Blackberry Maps from within the Sametime client software and generate a map that illustrates a colleague's location based on presence information retrieved from Lotus Sametime.

This is a cool feature I would love to see in place.  I know the "Convert to Call" is kind of there, but that seems to not be in place either.  Maybe I missed something in implementation or does this need the Sametime 8 Advanced Server that is not due out till next year some time?  Also, does the map render from the location they type into the client?  I am not sure how that would work either looking at the preferences in the Sametime Connect client for the Blackberry as shown in this screen capture:
Image:’Click to Map’ feature with Sametime and Blackberry - where did it go?

I can't seem to find a menu item for mapping the user in the Business Card or main screen.  Anyone?
    for this posting

    On Tuesday, December 18th, 2007   by Chris Miller        

Sametime 8 server install - no DA for you!

Sametime normally would create the required Directory Assistance on the fly and keep right on rolling.  A fresh Domino 8 server and Sametime 8 install gave the following today:
error returned from CreateSTDatabases
Error encountered in the local server while setting up LDAP directory support da.nsf

File does not exist
DDNALocalDominoSetup returning with error code = 0103
SetupLocalSvr returning with error code = 3701
SetupSvrMergeWithDomino returning with error code = 3701

function: TermNotesRT

I quickly started the Domino server, created the Directory Assistance and then restart the Sametime setup.  Weirdly it now saw the install as the ability to:
  • Install a new instance of Sametime ?!?!?
  • Upgrade an instance of Sametime ?!?!?

I took upgrade as fix the install that is there please.  And away it went.  Now let's see how it did.
    for this posting

    On Friday, December 14th, 2007   by Chris Miller        

The Sametime 8 upgrade is not an upgrade in reality - lesson learned from yesterday

I made this posting yesterday to an interesting number of comments and this one might go a bit further.  Sametime 8 gets closer to an actual provisioned installation.  Much better indeed.  I praise Lotus for listening to my rants on provisioning and deployment management.  However, this became a noticeable problem here and after consideration and some talks with those deep in the bowels of Lotus Sametime development we (as in they and I) confirmed my fears upon first testing.

Here is what happens.  Sametime 8 does not see the previous install path (as shown yesterday) since it is not upgrading your Sametime 7.5.x client.  It is installing Sametime 8 and then uninstalling 7.5.x from your system.  It reads your settings and places them into a lookaside database to move them across during provisioning of the new 8.0 client.  What this means to you is that you then cannot install into the same directory you had 7.5.x at first.  If you install 8.0 into that folder and then it goes to uninstall 7.5.x it really removes all the new files also.  Quite the conundrum isn't it?  I know I want mine in the same path all the time.  With this scenario, I cannot hit the site and have it upgrade what I have in place.  So if you have company standards on how the client is installed, you may be looking at uninstalling the old version from everywhere, then running the install for 8 afterwards into that same directory.

Lotus also changed the folder structure and naming of the Sametime Connect files.  This adds a new level of change for the plug-ins.   We will cover more on plug-ins on the next posting.
    for this posting

    On Wednesday, December 12th, 2007   by Chris Miller        

One of the first problems with the Sametime 8.0 client upgrade arises

This image shows on a fresh laptop that only had Sametime 7.5.1 installed a couple weeks ago.  This was the network install attempt and then the locally saved attempt at a Sametime 8 client install on the same laptop.  The first thing to arise was that it did not see my previous installation path.

Image:One of the first problems with the Sametime 8.0 client upgrade arises
    for this posting

    On Tuesday, December 11th, 2007   by Chris Miller        

Issue with the Sametime 8 network-install if you misconfigure the original network package on the server

Here is what I found.  I installed the Sametime 8 server and also placed the network-install package on the server.  For those of you not familiar with it, I suggest you go read how this is done over here.  I then started the download.  I forgot to specify the base URL inside the download properties though and when the install attempted to complete, it came up with errors.  Lots of errors.

I then went back and placed the correct URL in the download properties file and tried again.  I noticed that the install seemed to download incredibly quick.  Halfway through, it then stopped and just sat there for a long time.  I killed the install and tried again.  Same thing.  It then hit me.  The original download was still in my cache for the browser so it was still reading the bad data.  Here is a screenshot:

Image:Issue with the Sametime 8 network-install if you misconfigure the original network package on the server

So I went in and removed that bottom file from the cache to see what the result would be.  As expected a much longer download started again.  You need to know the original part is 29MB and then more is pulled from the server.  The client code itself is still 135MB when it is on the machine.  So I am off to delete the file and redo the install.
    for this posting

    On Sunday, December 2nd, 2007   by Chris Miller        

IBM releases the system requirements for Lotus Connections 1.0.2

You can find the technote right here
Content Hardware requirements
The following hardware is required for the systems that host IBM® Lotus® Connections services.
At least two Intel® 64 or IA-32 based server machines
Two CPUs per server, 2.6 GHz CPU speed or higher
Minimum 4 GB of memory per machine

Plus a special note for using Lotus Domino as the directory source:
Lightweight Directory Access Protocol (LDAP) server
IBM Lotus Domino 7.0.2 and later.
Note: Before you can use this LDAP server, you must apply fix PK52839 to WebSphere Application Server.

    for this posting

    On Thursday, November 15th, 2007   by Chris Miller        

A hidden Gmail gem to pass along to use in Notes RSS streams.

I picked this up from the following blogger John Resig..
Gmail has a hidden feature: Atom feeds for Labels! The technique is simple:
1.        Setup a filter to catch all email from a specific mailing list.
2.        Apply a label to all of that mail (e.g. 'list').
3.        Access the Atom feed via this URL: (changing 'list' to be the name of the label.

So if you take this and then flip it to Domino, you could create a rule to tag or sort your mail-in databases and then push this out to the feed readers with the RSS capabilities of Domino.  This would solve an alert issue for numerous people that share part in a mail-in database.  Everyone could read the stream based on what category they handle from a single course that is tagged/foldered/categorized properly like you can do already with my blog.  Go to the archives tab above and look at the different pre-categorized feeds you can get form one single database.

Same idea, just move it to other data stores in your Domino architecture.
    for this posting

    On Monday, November 12th, 2007   by Chris Miller        

How much memory does the Sametime Gateway consume?

I get asked this question often and there are factors around total usage, number of chats and the rest of the usual suspects.  But I wanted to show you a simple screenshot of memory from the gateway being up somewhere around forever in terms of the Sametime Gateway

Image:How much memory does the Sametime Gateway consume?

There you go, just over 600MB of RAM dedicated to the gateway including some DB2 processes
    for this posting

    On Tuesday, November 6th, 2007   by Chris Miller        

Follow-up for issues with Premier audio adapter

So last week I had a blog posting about the issue surrounding the Premier Audio Adapter for Sametime.  One question came in that needed a definite answer.  Some of you were trying to update the certificate and could not find the location.  Well from Chris O himself who did the majority of making Premier talk through submission holds, here you go:
Location of keystore for Premier - Tell him to look in the notes.ini for the location of the java SSL keystore.  That is the location of the file it is using.  We actually had to remove the file and then create a new one with ikeyman and import the Equifax cert since it is not a default certificate

    for this posting

    On Monday, November 5th, 2007   by Chris Miller        

A warning if you run the Premier Audio adapter for Sametime

We ran into this issue the past week and I wanted to share this.  We have a Sametime server that runs the 7.x code stream with the 7.x Sametime code on top.  It also has the Premier Audio Adapter for holding the audio bridge conference portion.  Well it suddenly stopped working and communicating with Premier to begin the bridge.  IBM seemed to be stumped and pushed us to Premier.  Premier says they don't totally "really" support it either since it was developed by IBM and handed to them.  So we get stuck in the middle.

Alas, never mind that portion we found the culprit of why it stopped working.  Premier updated their SSL certificate on October 4th of this year.  The local keyfile had the expired previous certificate.  So it just never connected.  No warning, no alert, no log.  No connection.

We could get no debug variables to place in for the adapter so after a clean install and replace some files I copy in below, all was well once again after a week of running in circles.  Good job to Chris O at my office for sticking this through and beating out of them that they changed their SSL after we told them that was an issue a ton of times before we got confirmation.

The AA install program installs a stkeys.jks file that I cant 'open' using Ikeyman, (haven't tried certsrv). So after a re-install i delete the stkeys.jks file that the audio adaptor creates, and then create a new one using Ikeyman. But the Equifax cert ( the SSL cert premiere uses )  isn't included by default so I had to download it and add it to the stkeys.jks.

    for this posting

    On Tuesday, October 30th, 2007   by Chris Miller        

the LATimes reports that Comcasts admits to ’software glitch" blocking Lotus Notes

You can read the article from yesterday right here, but the main quote:
Comcast officials say the Lotus Notes problems were caused by a software glitch, adding that the company does not block customers from using file-sharing applications. It does, however, manage its network so that a few subscribers using bandwidth-hogging programs don't slow everyone else's Web surfing.

    for this posting

    On Wednesday, October 24th, 2007   by Chris Miller        

As we prepare to his DST again, I sat in the open mic call this morning. A simple request to Lotus..

I previously did posts and podcasts on this topic (I even took a humorous slant after upgrading countless servers).
  • Listen to Episode 28 with Scott of Lotus that not only got downloaded an amazing number of times, but had tons of info.
  • Listen to Episode 27 with Andy and Rob of Technotics as we talk all about DST impact

But I noticed one thing from listening to the callers this morning.  A lot of people have been doing upgrades, changes and deploying applications since the last DST time change.  Yet everyone has the same question.  What version has what fix and if I upgrade is it done?

So Lotus, we need a simple scenario listing in a whitepaper or technote that shows the outcome of where they are now and what steps are needed.  Such as:
  •  you already patched for spring and have not changed the server code
  • you patched for spring and have now upgraded to X.xx version
  • you just installed version 7.0.2, is there any patches I need or is it included?
  • you were in a version 6.5.x and patched in spring, we then upgraded to 6.5.6.  Do I have to repatch?
  • Other countries are now going into time changes, so if I have international servers/users I now need to patch those? (like Australia and Brazil)

    for this posting

    On Thursday, October 18th, 2007   by Chris Miller        

live blogging the Sametime 7.5.1 Open Mic call this morning

So while I wait on hold for it to begin, I will take a few guesses at questions that might get asked.  This session is being recorded by IBM
  • Provisioning
  • Performance
  • Policies
  • Stlinks
  • Telephony integration
  • Peer to peer audio and video

Ok, here we go...  Bill McAnn was the call moderator. hey took some questions from the forum first to prime the call
  • Lock a client to connect to a specific Sametime server geographically? Yes, point to a home Sametime server.
  • I have installed Sametime 7.5.1 client and did the Outlok disablement hook after following the workaround.  But when upgrading to FP1 it came back.  This will possibly be fixed in a later version, but not 7.5.1  Technote #1259391 addresses the issue

off to the live calls
  • I know the voice and name of this caller!  But I wont call him out.  He wants to build a silent install package to dump out with SMS.  There is some issues with this.  There is a new client with the proper fixes, including CF1.  It comes with the installer and since it is a full client you have to open a PMR to get the updated installer package.
  • Provisioning the preferences in the Sametime client. One is the site update.  One is the plug-in customization.ini, but that only gets read once.  Does the site update have to be a feature jar file?  The feature jar file approach is delivering a new or updated piece to the plugin_customization.ini filer.  This file is read each time the client is started.  The ini provides the default settings preferences.  End user overrides in the client preferences will still overtake what is set in the ini file.  You cannot swap it out at install time.  An update site must be a jar file
  • Policies regarding chat recording, with the value set to save or not save.  If you uncheck this does it force down to users not saving chats.  Lotus says unchecking this does not set auto-save in the client.  Checking this forces the user to save chats.  There is actually two policies.  One allows them to save at all and the other allows auto-saving.
  • When was the silent install that includes the msi, when was it released?  Sep 21st or so was the release date.  Also, they want to fill in the community name and pre-configure TLS?  Craig jumped in to say he belive it is possible now.
  • They have multiple servers, a web portal with stlinks, web conference server and chat servers.  People get logged off when the move around servers, why?  Jennifer at Lotus says Portal was giving a new IP address coming in so it was being seen as another user.  She gave the example to ignore when you come in twice that goes in the config section.  The user must also be homed to a Sametime server or cluster.
  • The CF1 version of 7.5.1 takes care of a lot of issues but one they had.  When you install and launch the client the Terminal Services application continues to run?  Harry, dev manager at IBM, asked to clarify operating system and client.  It was OSX 10.4.10 with Sametime 7.5.1 CF1.  When you launch the Sametime client it also launches Terminal Services.  They do not quit and continue to stay launched.  The client works fine, but you must manually quit the Terminal Services.  The Sametime 8.0 beta weas brought up to try it there.
  • The next caller wishes to turn off the resert button in the client.  Craig said there is no policy or previous request to turn this feature off.  The caller saysd for compliance reasons they muyst lock the user from being able to change communities.  Craig says 7.5.1 said you can change the host without resetting the user, which could be an issue.  He referred to the policy to force the default community.  Unless you have multiple communities, then this policy would apply.  The caller has Facetime in the middle to capture for compliancy.  Lotus suggests hiding the Sametime MUX so no user can directly connect to it.
  • The user policy, user preference, and then plugin_customization.ini is the order of load for the Sametime Connect client.
  • I missed one call for a person coming in, sorry
  • The next caller asked about the StReflector being set up.  If you are doing many audio or video chats then moving it to another box will assist in performance.  Voice chats work fine internally but not over VPN nor outside, including NAT.  The reflector will let each clients see the others IP address.  Point to point will always be first, then the reflector.  With exxternal users with symmetric NAT you put the reflector outside the organiuzation.  A normal or non-NAT firewall, the clients will still try to do point to point.  The reflector must be able to go through the firewall.
  • Prudential wants to deploy a basic client and send out the features, yet they cant lock them down.  They want a list of what cnd cannot be locked down.  The only settings available for lockdown are those in the policies on the server
  • Can you secure audio and video to a particular group?  Yes, use policies

    for this posting

    On Tuesday, October 16th, 2007   by Chris Miller        

A blog sitemap for composite applications in Notes 8

While we were here at the Notes and Domino 8 Upgrade Seminar, I needed a place to send the users to get as much information on deploying composite applications (aka shelf-apps, plugins, whatever) into the Notes 8 client.  Well low and behold a decent one existed..

Here is the page...
This web log is a joint effort by the key technical architects and user experience professionals to open a direct line of communication with developers about the capabilities of user facing composite applications.

I also had the link up on how to move a Sametime plug-in to Notes 8 client.  Here was that link.
    for this posting

    On Friday, October 12th, 2007   by Chris Miller        

The debate on message recall while we are here at the Notes and Domino 8 Upgrade Seminar - Philly

While Andy blogs the pictures and what happens while he is not onstage presenting, we had a good conversation yesterday on message recall features in Domino 8 I wanted to recap from when I was presenting.  We learned some time ago that message recall would be on by default when you either install or upgrade the server to Domino 8.  Here came the comments.

The issue is that if you wish to have it on in the server configuration document, policies must then be used to turn it off.  Instead of enabling it further for certain users, which one would expect.  When I relayed info from the podcast that Susan and I did weeks ago about how the Domino 7 server will send the recall requests to the Internet by default and you can even recall mail sent in the past before the upgrade, eyes went wide.  The final straw was that no indication is left in the recipient mailfile that a message was even there.

This discussion and slide review covered about 30-40 minutes of the session itself.  Without giving away all the parts, just because it is a new feature doesn't mean it should be on was the general consensus.  Some said they would have it enabled after some time, but having it on when you install/upgrade was the wrong choice.
    for this posting

    On Thursday, October 11th, 2007   by Chris Miller        

An interesting update on the Sametime Gateway architecture

This is something I did not know and never would have encountered due to the way I implement this solution at customer sites.  In the Gateway configuration you specify a local Sametime Community.  Which of course is where your users reside.  Well you only specify one server in this listing (or I should say one DNS name) for connectivity.  The Gateway then goes about it's business and starts serving presence awareness and chat services for the public providers.

Well unknown to me, if you do not run in a central clustered environment and have users spread across servers that may be geographical or just in the same place , but not clustered, the gateway needs and wants a port 1516 connection to each and every server, which it then holds in a local file.  This does not worry me as much as it appears some company security groups.

The Gateway is just what the name applies, a gateway.  Just how you deploy external SMTP servers and then only allow them in through the firewall, via trusted IP's usually, this acts the same.  So have no fear, the Gateway is doing it's job by not storing data and only offering a direct connection to the public providers and then 'proxying' the traffic to Sametime.  Your user directory is not affected as well as you can control which providers come into the Gateway and then how just the Gateway communicates to Sametime.

So do not freak out, it is all in how you present it to the team in most places.  Those that still don't get it, probably never will.
    for this posting

    On Monday, October 8th, 2007   by Chris Miller        

My Diary - 4 days as a Blackberry only user, no PC access

So it all started on Sunday when I went to the airport to head over to Finland via New York.  Of course I check my flight status, get last minute emails and other weird things people do to waste time on the Blackberry.  I land in New York and check the next flight as I walk across the terminal, looking with half an eye so I do not run into anyone.  Or anyone else checking their Blackberry or smartphone that happens to be walking towards me.  

We don't look anyone in the eye anymore, we stare at tiny few inch screens.  Or we walk with the Borg attachments in our ears in circles in the airline lounge talking to seemingly no one.  Quite loudly.  In circles.  Loudly.  Talking to no one.  We have cords strung from our ears to our waists and can type 40 words per minute without looking and with one hand.  We can re-book a flight while everyone else stands in line, but we can't remember how to communicate with people verbally.  Heck, half the people try to mimic smiley faces with gestures now just to act like they are sending chats

I shut down all electronic devices as required and prepare to get some rest on the flight.  Which does not go as planned, but not as bad as getting no sleep at all.  Once off the plane it is time to turn the Blackberry back on to check if the car service is there and if any other plans had changed.  All is well and on schedule.  I arrive at the customer site and get straight to work.  They don't have an extra network line ready for me in the conference room and I accept that I cannot get on the wireless.  No problem, the corporate housing awaits that evening (or 8am my normal home time)  So I would not have missed much of anything and I got email all day.  well the housing has one TV in a common area and one PC line in there also.  No lines in the rooms, no wireless.  I can live with that.  Until I discover that the PC line there only accesses their Intranet and you need a username and password for the proxy.  I send a quick email with the Blackberry to the team I worked with.  Some answers from their Nokia phones.  We can check tomorrow.  I say hey, I have email and a bunch of DVD's  haven't watched anyway!  Time to relax for a night.

The next day I load JiveTalk to consolidate all my IM services onto my Blackberry instead of individual clients.  More on that later.  I like it though.  I also have the office set me on tether modem on the Blackberry but overseas it gives me some weird error.  Maybe because you dial that weird #777, who knows.  I work on that later.  Word comes from the security team that they are very unfriendly and do not have or will issue a temporary proxy account so I can use the network there or at the housing.  So I am full fledged Blackberry and accept my fate.
  • Lotus Notes email access - well duh, BES server
  • Sametime - Yes, Sametime Mobile 8
  • Chat - JiveTalk for AOL, Yahoo, ICQ, Google and MSN
  • Google email - yes I have the downloaded Blackberry mail app from them
  • Other emails already configured to go to the Blackberry device through BIS
  • News and such - many choices.  Bloglines for Blackberry and Pocket Express
  • Facebook - Blackberry access in browser at
  • Jaiku - Blackberry access via JaikuBerry
  • Blackberry Messenger - for all the time chat to the wife on her 8830 and also friends with Blackberry that have connected
  • Tethered Modem - heck no, Verizon Access manager needed which takes a PC to get.  Their website is not Blackberry friendly at all and really needs a WAP interface.  All the darn scripts drove me nuts using the Blackberry browser

So where do I sit now?  Thumbs really do hurt some, the battery goes faster when you constantly use it, I expect no less.  Could I make it my lifeline, sure.  Do I need some of the Domino apps, sure.  That is how we do business.  having them offline is great, but not being able to sync does no one any good.  The Blackberry stepped up when it needed to and covered all the basics.  It does have me on the hunt for even more and better applications for it too.
    for this posting

    On Wednesday, October 3rd, 2007   by Chris Miller        

Live blogging - Enterprise Social Software webinar by Radicati

The guest speakers didn't make much sense at all to me for Social Software for the enterprise outside of 1
Matt Anderson of Radicati was the speaker.  After 5 slides it went to Q&A with the panelists.
  • Vendors that they listed included Lotus and a slew of others I did not know offered such solutions.
  • The suites are what Lotus Connections offers with some added parts like Business Intelligence
  • They then have specialists that work on each part of the software itself
  • The market drivers were just what you know now.  Make some teams and share some info then find people around them
  • The market barriers are what you expect but easily overcome.  Compliance (US issues), deploying new technologies

Q&A section
  1. What does your offering provide to set it apart from other offerings
John Landau - Current enterprise software is inside the firewall focused and Huddle is trying to get externally focused as well.  Pushing for the MySpace generation and use of social networking is growing and businesses are banning such site access to MySpace.  The Huddle tools are aimed at business users.  The low cost of Huddle was their other point of their offering
Mike Walsh - They are trying to making it easier for the business person to make and find relationships.  Taking some of the Web 2.0 items , with security and making it easier for the business worker to share information in a collaborative environment within and outside the company.

2.   What was the initial pain point that caused them to look for a social networking solution for their enterprise?
Janine Popick - They have 30K small business customers with only a small number (50) of employees.  So they are the customer experience side.  They let the customer

3. How has business social software changed how employees share information between themselves and with customers?
Janine Popick - They have an award winning blog.  Employees post more content to give them exposure.  They use Leverage as their social software choice it was said.  They also started a Facebook group with about 200 members giving product feedback.  There is a wiki in place to post documents and share information.

4.  What are some of the key factors when vendors go up against Microsoft Sharepoint in this space?
Mike Walsh - Everything is based on the needs of the users.  It varies across prospects.  He said Sharepoint, which is a great product, and Lotus Connections, which he was not familiar with, helps them find the right people for a specific person to assist with a project or prospect.  he said Sharepoint seems to be for internal collaboration behind the firewall.  he does not look as them as a competitor, but as augmentation.
Jon Landau - They are often compared to Sharepoint.  The perception he finds is that is a free tool but the TCO is incredibly high for a business.  It does well for internal collaboration.  But the idea is to bring external clients together with the inside groups and becomes costly with Sharepoint.  Kingfield is a customer of theirs, and they were looking at Sharepoint until he brought Huddle to them.

5.  What were some of the critical features that your business looked for in a social software package?
Janine Popick - They found that their customers that used their service needed different feedback.  So small groups of customer types are forming.  They are also able to push focused product release information.  Finding users "like me" on a people map and then reaching out is helping the company since they already compile a large amount of data from each customer.  Live chats are helping get feedback on what features of their product are most important.

Questions from the audience....
1.  What are the real benefits, like ROI.  These seem like a solution looking for a problem.
Janine Popick - One of the things they did when deploying was hire someone to manage the deployment.  Without someone to drive and manage this can fail.  This person also participates in the social network by watching and even generating conversations.  On a hard ROI front they know they are saving time on email and feedback processing.  Vocal people in the communities help promote what is needed without them sending out constant user surveys.
John Landau - Huddle offers the ability to share documents and work together internally and with external partners gives a tangible ROI.  If that was done by email instead, You end with multiple people looking at different versions and chasing information.  Huddle has the centralized upload, sharing and work area to set approvals and tasks, etc.
Mike Walsh - They were out as a social network platform before Facebook caught on and now everyone is clamoring for this type of application.  They work with 300 companies with different goals and needs.  ROI might be decreasing support, increasing upsell, increasing customer loyalty, getting products to market faster by getting feedback.  Microsoft, HP, Oracle, Salesforce, Time Warner, NY Times are all sample customers.  Some need projects done faster and others are using it to find hidden talent in the company.

2. Were are a small software startup with 400 partners/resellers, can you describe the benefits of utilizing the software?
Mike Walsh - They do work with smaller companies to share best practices.  Relationship building through the social network is a huge benefit.
John Landau - You are able to bring all these partners and resellers into one social network so you can all chat, talk working group and share information with branding and customization.

3. How does voice and real-time collaboration overlap with services such as the social networking vendors?  Will you follow?
John Landau - Huddle is in a position in the next few weeks to offer integrate single sign-on ability.  Web conferencing tools are also being built into the product offering.
Mike Walsh - Open architecture through widgets allows you to add features and functions even without their help.  They are partnering with companies like Webex and SalesForce, or even pulling in a Skype or Webex widget.  Also a GoToMeeting widget as they used in this conference.

4. Is there a listing comparing what these vendors offer in their social network offerings? (my question)
They will have a listing in the Radicati report

5. How do you deal with issues around compliance. (yada yada yada) ?
Janine Popick - She does have compliance issue it seems.  They use a wiki for a lot of collaboration but will be tightening up how the information is controlled.
John Walsh - needed the question repeated.  The data can be exported so it depends on the requirements of the organization.  One feature they do not have is document check-in and checkout.  Their solution has revisioning and tagging.  How it is completed and found is up to the client, such as Wells Fargo.
John Landau - The document management system saves every version of the document as it is worked on.  Their solution is geared towards compliance.  You can see date and time stamps for all edits, updates, changes and new items.

6. What is the cost for trials of these softwares?
They will send that out later or go to the websites and get some free trials.  Huddle and Leverage offer free trials.

Sara Radicati wrapped it up with not much fanfare but look for their report, of course
    for this posting

    On Thursday, September 27th, 2007   by Chris Miller        

TechDirt article - Will History Repeat Itself With Google Playing The Part Of Lotus?

A short article playing on the fact of Lotus entering the office software space full force.  One part of a paragraph stood out to me
He then equates Google to the latter-day Lotus, painting a scenario where Google smugly laughs off a bloated but feature-rich (imaginary) NewSDK from a bratty startup, only to then get disrupted by this SDK when browser capabilities improve. Of course, part of the analogy breaks down because Microsoft was hardly a bratty startup when it succeeded where Lotus failed.

This article goes after the older Lotus office entry with SmartSuite I believe and not the current Symphony part Deux.  I have not said much about Symphony, there is plenty out there.  I used the Productivity Tools during Collaboration University as well as OpenOffice.  I found issues in both.  I use Microsoft Office most of the time because that is where the masses were right?  But will Symphony part Deux take over a huge slice of the MS Office world?  Not in a large percentage.  Can it assist in the SMB space that uses Lotus already?  Maybe not if they move to 8 and use the built in Productivity Tools.  So the press is behind the announcements, IBM is pushing the newswires with the announcements, people are downloading to check it out.  So how fast will Lotus update the software to match and exceed what is out there now is what remains to be seen.
    for this posting

    On Wednesday, September 26th, 2007   by Chris Miller        

MeBeam (not the old Sametime DataBeam) offers free 8-way video conferencing

I ran across this site and pinged Carl to jump in and see what we could make of it.  There is the good and the bad.  No the bad is not this following screenshot.
Image:MeBeam (not the old Sametime DataBeam) offers free 8-way video conferencing

So we were being silly to play around with the features.  Headsets on backwards and others.  When you use the chat room it takes a snapshot of just how you are when you click send.  So the pictures are resized too small for you to see, but Carl and missing pants is bad all around.

Free video conferencing is good no matter how you slice it if it works well.  This one seemed to do just fine.  Now, we didn't get 8 people in the room, but that is next on the list.  You had the choice between hands free audio and push-to-talk type.  Both seemed to function fine.

Creating a room for the conference did not even require registration at this time.  Simply name a room and click invite and it copied the link to the clipboard.  It then uses the Flash connection for your video and audio.  No problem, worked right away for both of us.  No fuss, no mess, no firewall issues, no downloads.  The chat was, well chat.

It seemed there was a way to record but I couldn't find the button.  Chat worked fine, but needs a bit more ability.  Attaching or sending a file would be nice so everyone could talk.  It still is not a 1.0 release so I imagine more is coming.  I am curious about the bandwidth as this grows, but let's see how it plays out.

So overall, did I say it was free with no firewall issue in the tests?  No tunneling and numerous ports for AV like I got asked yesterday for Sametime
    for this posting

    On Friday, September 21st, 2007   by Chris Miller        

Sametime 7.5.1 slide upload limit

I received a ping from a Sametime admin/company/user with a question regarding the limit in the number of slides per set you can upload to 7.5.1.  Apparently after 100 it would not allow the slides to be uploaded.  So some hunting around came up with this little bit of info for all of you to try out in case you are having 7 hour meetings with hundreds of slides.  Oh the pain of that type of meeting...
You can work around this issue by either creating a presentation of fewer than 100 slides or by not selecting the Master Slide option in PowerPoint.

    for this posting

    On Thursday, September 20th, 2007   by Chris Miller        

Interesting Notes 8 ACL issue we encountered

Sean Burgess and I are working on a top secret project together, ok that is strong but it will be fun, and we created a new Domino blank database.  I created it with a Notes 8 Standard client on a Domino 8 server.  He accessed the server with a Notes 8 Designer client.  Now the weird part.

I couldn't remember, and didn't bother checking, what hierarchical name he used in his id so I simply entered Sean Burgess as unspecified into the ACL.  He could not get in the database.  I changed it to type person and added his O certifier and he got in fine.  Wondering what gives here as this might have other implications for us in multi-tenant cross-certified environments.
    for this posting

    On Friday, September 14th, 2007   by Chris Miller        

Guest Blogger - GSX talks about Domino Domain Monitoring (DDM) and GSX Monitor

Hello all-
Iread with much interest all comments about DDM, in response to my (previously published) article.  I can only say that I fully agree with all these comments and I hope that this post will make things even clearer.

DDM is for sure an improvement and IBM kept improving the monitoring of Domino since version 4.  Some DDM features are very useful and a few of them cannot be provided by any other product, including ours.

My article is actually not only regarding the benefits of DDM, Admins can judge by themselves about its value.  What I can hardly understand is the marketing made by IBM around DDM.  Was there so little to say about new features in Notes 7 that IBM chose to present DDM as a revolutionery product ?  I do not question the value of DDM but all Admins having worked with Notes since R4 know that DDM is mainly a revamp of existing features.
I'm also surprised by IBM's plans of releasing a major release yearly.  In my opinion, a major release must provide significant enhancements and new features.  Fixing such deadlines leads to a very strange situation where 4 different versions of  Notes are maintained, including the version 6.5 which nobody knows whether it can be considered as a major version or not.

The ones having discussed with me know that I'm a strong advocate of Notes for many years. However, I agree with Philip's comment about IBM competing with it's partners and I'll add that I'm puzzled by the lack of long term strategy in this company.   I'd prefer that IBM spends its energy fighting with its competitors, not its partners.  OK, I'll stop now before IBM people get mad at me once again.

Back to DDM, I don't like the design of this product:
1)  It bypasses some standard Notes concepts, which is unacceptable to me:
- automated replication
- relies on Notes when it's supposed to monitor it
2) almost all information is not real time (unacceptable for a monitoring product)
3) it's mainly server based with all related drawbacks:
- resources taken from servers and possible crashes
- problems with heterogeneous environments (versions of monitoring code and servers)
4) real useful features are in my opinion reserved to skilled users

Comparing to Monitor:
1) Monitor doesn't have any of the drawbacks listed above
2) Monitor provides major additional features and supports other platforms (clusters, Sametime, BlackBerry, etc ... and soon Exchange)

In conclusion, I agree with someone's comment that DDM can be useful as a entry level monitoring tool but falls short for monitoring large (or critical) environments.  As far as being a revolution in the Notes world ... let's be serious a minute, it's not.  The real revolution happened about 20 years ago when the concepts of replication, UNID, certificates and views were put together to create Notes.

BTW - nice to see that quite a few people also use our products :-)

Kind regards

Philippe Schlier
E-mail :
GSX Groupware Solutions

Web site :

    for this posting

    On Tuesday, September 4th, 2007   by Philippe Schlier        

Part 2 - the Sametime Gateway Open Mic call last night

I went ahead and posted my notes on this since I had answers (posted in each one with italics) to some of the questions they were asking.  Maybe some of the callers will find this posting.  These were quick notes to myself, and I only slightly cleaned them up.  So bear with me.  (I am headed to vacation)
  • Asia Pacific area looking for a proof of concept install for their business and need NAT and public CA documentation.  Caller said they got the wrong certificate purchased, that it didn't support TLS.  Lotus is working hard in 8 to simplify install and config.  As for NAT, they list the restrictions for NAT due to SIP.  Certain NAT providers are becoming SIP aware due to VOIP and other real-time collaboration.  As I posted about the morning call, I will shoot out some diagrams for everyone since this seems to be a main focus.
  • Caller is implementing Sametime 7.5.1 and having client issues, even with CF1, of getting layout and pre-population to clients.  Preference controls like auto-status changes, for example.  Lotus suggested utilizing the   plugin_customization.ini file to change and set some of the settings.  They have no policy control with the 6.5.1 server and Sametime Connect 7.5.1 CF1.  The issue is that they must then match the new policies when going live with the server on 7.5.1 or 8 to make sure they do not change everything back.  This is a big part of rolling out the advanced client and wanting particular features enabled or set a certain way before the server policies are deployed.
  • Another caller emphasizes the issues with SSL config from Premium Server as first caller.  Thawte server worked fine.  Yes, I am seeing in installs that you need to import root certificates in many instances to get it to work.
  • Australia - IBMUS and Australia connectivity problems.  Customer is using dual network cards trying to route public and private address.  asking if the OS will do the routing.  Part 2 - Wants to talk his SIP to their SIP.  Asked about port 443, which is not right.  He needs port 5061 for encrypted, not 5060 which is unencrypted.  No 443 need.  1516 and 1533 open for internal connectivity on 7.5.1.  Then 1516 for 7.5.1 CF1.   Also asked about LDAP server connectivity over 636.  DB2 server, is it encrypted by default and does Express C handle it?  Not by default, and maybe not in Express version, have to verify that.  IBM SIP gateway connectivity actually needs port 5060 for the first connection then 5061 to finish.  LDAP SSL relies only on the LDAP server having a public certificate.  What data is stored in the DB2 database, a security concern question.  Lotus answers that in the DB2 database you can find the gateway configuration data, user id and group id in UNID form.  Last question, checkpoint firewall in front to cover NAT issue?  Lotus has customers with it.  Multiple NIC cards not an issue as long as its config'd correctly.  I say why not use NAT and routing with a single NAT instead of trying the dual-NIC approach.
  • What kind of arrangement does IBM have with the chat vendors in terms of IP address changes?  same question as this am, same answer.  Then MSN connectivity question.  no official statement yet from Lotus.  I see the IP address changes a hard part for firewall teams that are trying to set the port to only allow certain addresses to talk to the gateway.  That is a tough move when you are relying on a 3rd party (IBM) to tell you when they are changing their IP addresses.  How about just moving to a DNS range for the provider and then everyone is happy.
  • SIP phone as PBX install.  Asking for connectivity options as general PBX integration.  Good question but no comment was provided to direct them to the vendors writing plug-ins and softphones.
  • Customer wants an  easy way to find out what other corps are using the gateway?  Lotus does not keep or publish that.  Creating a Sametime Gateway group in Facebook or a posting in the Sametime forum was a recommendation.  There is a Facebook group for the Sametime Gateway already with a good couple handfuls of members

    for this posting

    On Friday, August 31st, 2007   by Chris Miller        

Thoughts on the Open Mic call for the Sametime Gateway 7.5.1 this morning

I attended the Open Mic call on the Sametime Gateway this morning to see what everyone had concerns about. (Do not worry, this call goes live again one more time tomorrow I think, see the website or Partner Forum for details).  Well I came away with concerns myself as I see how this is getting implemented at the larger enterprises.

There were at least 15 calls taken, and I managed to capture and write down the main point of each one.  The majority revolved around a couple key areas, and that is where the concern is.  Participants were asking for network diagrams, port settings and allowable IP addresses and better clustering support.  While some of the questions did receive direct answers, in my opinion some did not.  Now someone there will say it was not official support inquiries, no official statements, yada, yada.  But when you have large enterprises trying to deploy a clustered solution in large deployments with too many network security teams in the mix, well you get confusion.

First thing to the companies.  Too many companies are trying to reverse proxy, put servers in front of server even in the DMZ, build SIP clusters with load balancers/IP sprayers.  I agree with one thing for sure, everyone needs the cluster support to deploy this is an enterprise solution.  As for all this worry over this server in the DMZ, why the stress?  No data sits on the gateway server, it connects over SSL to your internal LDAP (further restricted by port and hosts is needed), it uses the encrypted VP protocol to the Sametime clusters in the back.  DB/2 can sit behind the firewall restricted by host/port access also.  So you basically have a shell running a program that acts as the gatekeeper.  Or gateway as it is named.  Get the security team to understand this.  There is no data to be protected, if the gateway gets bombed or hijacked, then they get an empty shell that you cut off.

Second thing is to Lotus.  Come prepared.  Half answering chat logging questions, diagram requests, proxy support and numerous clustering questions won't fly for long if this is truly an enterprise solution.  Yes you did answer some areas of what is coming, things that are verified in support and even how to map multiple O's through LDAP queries to Domino.  But the lack of testing of clustering and the network outline support is frustrating to most of the callers if my current pings I am getting are right.
    for this posting

    On Thursday, August 30th, 2007   by Chris Miller        

I loaded the Notes 8 full client and got the following..

This was after doing the suggested Ctrl-Shift-L to see shortcuts

Image:I loaded the Notes 8 full client and got the following..

All was better after a restart however and it now works fine
    for this posting

    On Monday, August 20th, 2007   by Chris Miller        

Part 3 of Sametime 7.5.1 CF1 schtuff

So here is the big issue.  The documentation indicated you can set a policy for multiple groups of users and then update the users with different settings, plug-ins and pushed updates.  Some of this is quite true.  UNtil we get to site update parts.

I would have sent you here on Notes Net, but apparently the published info for CF1 is not complete.  See line 21 for some humor.

So what happens is that you can set an update site in the default policy, but it then overrides all the new group or explicit policies.  You can not set alternate update sites for different users.  They are grayed out with the provided default site.

Move on to leaving the update site blank and then the sub ones are forced to be blank.  Same scenario as above in reverse.  So in essence you have to provide only 1 update site at this time for your user population.  That doesn't help if you want users to get alternate updates or plug-ins at this time.

I bet it is on the list for the future though..
    for this posting

    On Wednesday, August 8th, 2007   by Chris Miller        

Part 2 of this mornings posting on Sametime 7.5.1 CF1

Well here we sit at the next step.  First of all, the update itself requires 2 restarts of the Sametime client.  While a full installation would only require 1.  Yes, they are updating components that need other updated first.  Just a warning for users.

Image:Part 2 of this mornings posting on Sametime 7.5.1 CF1

So the updates do fire down the changes, and they do leave the other files locally, just one of those things to deal with.
    for this posting

    On Monday, August 6th, 2007   by Chris Miller        

Houston, we have a bug..err fix..err thingy for Sametime 7.5.1 CF1

After some gracious time on the phone with Lotus following Friday's posting, we found a few things to make this next screenshot work.  I had the site update listed in stconfig.nsf as the
URL for UIM provisioning:

Image:Houston, we have a bug..err fix..err thingy for Sametime 7.5.1 CF1

This never seemed to work.  Updates were not coming down as I talked about on Friday.  We then placed the site update in the default policy.  Unfortunately we also had to do a reboot.  So I am not sure if the reboot or using the policy instead of stconfig did the trick.  We are testing that again one step at a time to let you know.
    for this posting

    On Monday, August 6th, 2007   by Chris Miller        

Interesting.. the site update isn’t updating anyone yet for CF1 and they did some goofy naming in the updates

I already had the site specified for all the users in stconfig.nsf.  It was the same one I used before for the patches for the Sametime Gateway in 7.5 CF1 world.  Unfortunately it is not updating the clients now with the changes.  I am doing this in stages, meaning I have not rebooted the Sametime server since changing the site.xml file.  It shouldn't need to be done, so I didn't.  I simply updated the xml and waited for today.  Nada, nothing.

So looking at the local files in the plug-in directory you already have for Sametime Connect 7.5.1 compared to the new site update, none of them seem to match from the first 10 iI checked.  Either they had

listed instead of the new ones that did

or they were entire new features that did not exit before.  So the new ones should come right down.  But how about the ones that do the same thing but compete?  Shouldn't they simple update the date at the end of the feature line.  Instead of

They go and toss some oddity name of

How does that update the existing one or how does it know which to use unless called from somewhere else?  How can we clean up these older ones with the updates?
    for this posting

    On Friday, August 3rd, 2007   by Chris Miller        

Overview of the Sametime 7.5.1 CF1 upgrade (updated already)

First let's cover the files.  There is a CF1 for the Sametime Gateway out there, just not Windows yet.  Amazingly the Sametime 7.5.1 server only gets a mere 69MB of update download while the Sametime Connect client gets a whopping 204MB file download

The Readme for the CF1 update can be found right here.


So I compressed the installer and let it fire off for the server.  It says the total update size is 79.9MB and goes on quite willingly.


So you have choices to either run the installer in it's entirety on the local machine or push out updates via the update site.

Not all updates are applied when using the update site method.  Read the release notes carefully to know if your issue is covered band by which method.  Also, you may not want the automatic update if you have not aplied at least CF1 to 7.5.  There is an admin update that must be done as shown below in the image.

There is quite a few packages as shown in this image:
Image:Overview of the Sametime 7.5.1 CF1 upgrade (updated already)

Also, the Single Sign-on with the operating system is now available, as well as additional dictionaries.  Those are added plug-ins that need to be deployed. Each comes with it's own site.xml that you can merge centrally or push into siteupdate.nsf from a Domino 8 server.  Then you get the user policies in place.

Let me run the update and full installer and let you know those results next
    for this posting

    On Thursday, August 2nd, 2007   by Chris Miller        

A Sametime cross site scripting vulnerability posted

From reading the web advisory and then the IBM technote, it seems to be all versions of Sametime, including 7.5.1 with an availble hotfix for all versions.  Future updates and fixes will contain the fix also.
Problem In very specific scenarios, there is a possibility that a Sametime® server could be exploited by a Cross Site Scripting vulnerability.   Solution In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability.

This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.

    for this posting

    On Wednesday, August 1st, 2007   by Chris Miller        

The Particls package gets an update (with embedded video)

People have been asking about how it works without installing it. Well the team updated the package with a ton of new features. They also put out a quick video that gives you a chance to see the new features and the actual reader in action.

    for this posting

    On Thursday, July 26th, 2007   by Chris Miller        

There is a typo in the July Sys Admin Tips Newsletter

Thanks to Lars for pointing this out, but there is a typo in the July Sys Admin Tips Newsletter that went out this morning.  I am glad so many of you read it.
So that will force the Eclipse part to start and then the 'basic' client inside the wrapper. Simply make yourself another shortcut that points back to the nlnotes.ini in the same root install directory

That should read to point to the nlnotes.exe and not the ini
    for this posting

    On Wednesday, July 25th, 2007   by Chris Miller        

Sametime 7.5.1 CF1 hitting the streets and a note in the fine print

Well interestingly enough there is more fixes in the CF1 for Sametime 7.5.1 (there is 84) than there was in CF1 for 7.5 (there was 69).  What you need to look out for is that if your fix happens to be in this maintenance release, some of the SPR's require a full installation instead of the site update version.

Keep that in mind when deploying the update.  Some of the features will not be updated properly without downloading and installing the full package just as you would for a fresh install.
    for this posting

    On Thursday, July 19th, 2007   by Chris Miller        

Newsletter follow-up - a tool/agent to report on user mailfile sizes and quotas


This is in regards to the entry in the May issue of the Sys Admin Tips
newsletter from someone who wanted a tool/agent to report on user mailfile
sizes and quotas. I had previously written an agent to generate just such a
report. It sends a simple text email with the report details. I've attached
an export of the agent as an .lss file which can be imported into any
database. The only other setup that needs to be done is to set a few
variables in the Initialize event (name of the server to run against, name
of the person(s) to send the email to).

Hopefully you can pass this along to the person who posted the entry.


Here is the download --> MailQuotaReport.lss
    for this posting

    On Monday, July 16th, 2007   by Chris Miller        

Domino 8 and key rollover, don’t do it just yet

CA key rollover not recommended in large organizations In Domino 8, administrators can assign a new set of public and private keys to a Domino certificate authority (CA), which are used to certify the keys of OUs, users and servers in that organization. The process of assigning new keys is known as key roll over, and is documented in the Domino Administration Help topic "Certificate authority key rollover."
The CA key rollover feature has not been tested in Domino customer deployments, so its use is currently not recommended in these environments. Organizations that want to become familiar with the feature are encouraged to use the feature to roll over the keys of a test CA, and then test users in their environment.

We are testing this on a test domain and found some oddities in who got updates and who did not, plus the variance in Lotus Notes client versions plays into it.

    for this posting

    On Friday, July 6th, 2007   by Chris Miller        

Quickr installation authentication issue hacks and resolutions

The error uncovered by myself and John Roling (Greyhawk68) is that upon a fresh, new, virgin Quickr 8 installation, you could not log in ad the admin account specified during setup.  It was guaranteed that the name was not in the directory, but it would not let me log in.  SSO worked fine as I was even able to log in as my name.

After some friendly cajoling to Rob Novak, I dug deep and found that the notes.ini variable for the Quickr admin name did not match the name in the LotusQuickr\LotuysQuickr\Admin.nsf database.  The very place you had to authenticate.  I even ran the qptool to change the admin password incase I mistyped it originally, no go.  Modifying the notes.ini variable to match the database ACL, creating a group to match the database ACL for the QuickPlaceSuperUser group and then adding the administrator group to that as a subgroup worked great.  I was able to log in as myself, change the directory, security and Sametime settings and it seems Quickr is flying high on our internal server.

Oh yes, do not forget to also do the technote changes for fixes for Quickr already.
    for this posting

    On Thursday, July 5th, 2007   by Chris Miller        

Trillian Astra - a new feature not seen in Sametime 7.5.x yet

I am on the new beta for Trillian and will talk plenty about it shortly.  But this one preference was more than interesting.  I talked to Adam G about it briefly and he named it TiVo for Trillian.  They call it Time Travel as shown in the image:

Image:Trillian Astra - a new feature not seein Sametime 7.5.x yet

Notice you get to replay quick bursts of audio and video chat.  Quite the cool tool when you miss something.
    for this posting

    On Tuesday, July 3rd, 2007   by Chris Miller        

I am liking the new user choice for taking databases offline

File - Make Available Offline  is the menu item that tells the user they can take the data with them (local replica).  Then they get a simplified UI with defaults already set that looks like this:

Image:I am liking the new user choice for taking databases offline

The best part is that if the database already has a local replica then the menu option is grayed out.  Cool!   Seems to be a very simple way for users to create local replicas of databases.. errrr..  applications
    for this posting

    On Monday, June 18th, 2007   by Chris Miller        

Sametime and LDAP issue/solution

I am calling this an issue whether it gets counted as such or not.   While working with a new Sametime 7.5.1  cluster (version doesn't really matter here) against a Domino LDAP cluster (version 7), we set a limit of 100 for the maximum number of entries returned against LDAP browsing and searching.

This broke the ability to add names to policies or browse from the 7.5.1 Connect client.  If I allow the maximum returned entries to unlimited, it allows you to add names to policies and browse from the Connect client.

In my humble opinion, I should be able to set a limit, still add names to policies and only have a certain amount returned when someone tries to browse the entire LDAP directory.  This would force the user to use a finer search string and release load on the LDAP server when there are over 20,000 users involved.

Make sense?  Bug or no bug?
    for this posting

    On Sunday, June 17th, 2007   by Chris Miller        

Interesting Quickr find inside qpconfig.xml

While we were building a Quickr cluster for testing here in Sweden we came across an interesting scenario.  They had set the hostname field in the server document to the DNS name of the cluster.  Then, when setting qpconfig.xml to utilize a cluster hostname we also set it to the cluster DNS name.  However, it started placing the DNS cluster name twice in a URL when creating places.  For example:

Now if we removed the qpconfig reference to the DNS cluster hostname and set it to a totally different host such as it worked perfectly.

The solution?  Remove the DNS cluster name from the server document hostname entry back to the actual DNS entry for the server and then reference the DNS cluster name in qpconfig.xml and it all worked great.  Apparently placing the same name in both causes a duplication but having alternate names get replaced.

    for this posting

    On Friday, June 15th, 2007   by Chris Miller        

The guys at Paticls found the bug in the package I had for you to download

One of you out there had a quirky RSS feed which was affecting the install.  If anyone has any issues grabbing and completing the new install please let me know so we can get it fixed right away.

So grab it right here or go back and read the previous blog posting.  I will post more tech tips around tweaking it shortly.
    for this posting

    On Thursday, June 14th, 2007   by Chris Miller        

New Sametime 7.5.1 feature? The server answers your chats when testing? (screenshot)

Image:New Sametime 7.5.1 feature?  The server answers your chats when testing? (screenshot)
    for this posting

    On Wednesday, June 13th, 2007   by Chris Miller        

Extra files for Admin2007 Domino LDAP session

Sorry for the delay, I was traveling out of the country right after Admin2007

Warning: I would zoom in many times.  The image is large in width and height to see all the font and information clearly.

Domino as Your LDAP Directory - Admin2007.jpeg
    for this posting

    On Wednesday, June 6th, 2007   by Chris Miller        

Extra files for Admin2007 Sametime Gateway session

Sorry for the delay, I was traveling out of the country right after Admin2007

Sametime Gateway extras.pdf
    for this posting

    On Wednesday, June 6th, 2007   by Chris Miller        

If you are having issues getting the new Plazes installler, here is the link

I know I had issues on one machine and got an IM from another person looking for the installer for Plazes 2.  So here you go!

    for this posting

    On Friday, June 1st, 2007   by Chris Miller        

Attensa responds to my posting on their new RSS reader for Sametime

It is nice to get feedback with either corrections or just plain happiness for a posting.  Attensa sent the Director of Marketing to show me that you can install the new beta of their RSS reader into your Sametime Connect client.  This beta has a few options in the install.  It will hook into Outlook, IE, Firefox and Sametime.  Nice touch, don't think you need it everywhere at once however.

It does prompt you to become your default RSS reader, so beware on those screens.  It also puts a desktop alerts icon in the system tray, I am waiting to see what that part does with a follow-up posting.  Here is the screenshot from the first part of the install after selecting ONLY Sametime components.  It did drop a nice amount of files into other areas however, not just a plug-in as one would normally expect.

Image:Attensa responds to my posting on their new RSS reader for Sametime
    for this posting

    On Friday, June 1st, 2007   by Chris Miller        

Notes 8 beta 3 integration with Sametime 7.5.1 oddity

So I loaded up the new beta 3 code and was happy to see everything it offered so far.  First weird thing (outside of the mail template that I am paying with and making sure I am updated right first) is that Sametime 7.5.1 can get installed and even places an icon in the system tray.

However, there is no click or double-click on this icon.  Only right-click that has status changes and the ability to log off.  If this will not offer the normal client functionality, then I say remove it.  More confusing that I cannot double-click and have it open my contact window or pop it open in the client.
    for this posting

    On Friday, May 25th, 2007   by Chris Miller        

Sametime 7.5.1 video and audio user prompt issues

Here in lay the issues:
  • I send a video chat request to another user, they get an audio prompt
  • I find out the local laptop firewall might be interfering and disable it temporarily
  • I get video to work (which runs across the UDP ports)
  • Recipient drops randomly and can't see text chat windows
  • I end video chat and text chat I was typing appears

Later, I check the memory utilization.  If I do not start a video or audio meeting, I can get the memory down to 5MB or so after the initial launch through the old bug they still have in how you minimize the client.

However, if I run a video chat, no matter how I minimize the client I still eat over 40MB of RAM.  I will grab some screenshots shortly.  This is amazingly high compared to any other chat program I run, even Flock
    for this posting

    On Wednesday, May 23rd, 2007   by Chris Miller        

As I mentioned Fri, new Connectria hosted bloggers to announce

I went ahead and started the process of adding memory and shortly some new processors and diskspace to the blogger server.  We are growing at a nice clip, not too much at once.
  • Stuart McIntyre will be moving over the QuickrBlog, LotusConnectionsBlog and CollaborationMatters
  • Richard Thomsen started up the blog (I need to get him not to forward and to point it to the server I see). He talks about kayaks and Domino.  Interesting combo.
  • is also live from Michael.  While I can't read a thing in it, Babelfish might be a good idea here
  • Carl TYler moved over a while ago

    for this posting

    On Tuesday, May 22nd, 2007   by Chris Miller        

Sametime Gateway install/upgrade issues update and solution

I frustratingly gave up on the upgrade path after getting a couple more emails of the same issue happening to them.  So last week I stopped  trying to run the scripts IBM sent and wiped the machine of all components of the gateway.  That meant Websphere, DB2 and the gateway code itself.

I totally reinstalled 7.5 FP1, then patched Websphere to and the gateway to 7.5.1.  All seems to be well at this point.  But note, when I say removed and reinstalled, I did not create any community connections until the code was upgraded.  Apparently if there is any community defined, the error commences.  Without them, or a new install, you are good to go.

So I am back on AOL, Google Talk and Yahoo through the gateway.
    for this posting

    On Monday, May 14th, 2007   by Chris Miller        

Sametime Gateway 7.5.1 new installs have different directory paths then previous.. should have seen this coming

While performing a fresh install of the new code, Sametime Gateway 7.5.1, I found that the path for the Gateway code itself now defaults from the previous RTCGateway to STGateway.

DB2 also takes a new table name as STGW.  While the upgrades will work just fine, it is interesting to see such changes as this.  I imagine this has much to do with the renaming of the product from the original Real-time Collaboration Gateway to Sametime Gateway last year.

However, the profile name does remain the same at RTCGW_Profile and the server as RTCGWServer.  Weird some areas made the shift but not others..
    for this posting

    On Wednesday, May 9th, 2007   by Chris Miller        

Sametime Gateway frustrations on the 7.5.1 upgrade

We went through this before with the FP1 patch for the Sametime Gateway.  If you refer back to my previous posting, once the patch was applied it destroyed the portlets for management of the Gateway portion in the Integrated Solutions Console.  It was easy to fix by uninstalling the patch.

I then mentioned that I went through the 7.5.1 upgrade and it did the exact same thing.  Now I have been getting some help from Lotus, but I don't get how having communities defined would break the install.  I also thought it might just be me until I finished a customer call this morning who had a pilot of the gateway running.  They attempted to upgrade and got the same exact same portlet destruction.

Pardon my frustration..
    for this posting

    On Tuesday, May 8th, 2007   by Chris Miller        

Lotus Connections invites started hitting mailboxes today for Greenhouse for more select customers and partners

****Just to clarify, this is a separate instance and install of Lotus Connections from paxos that got announced for BP's yesterday.

This site allowed self nomination some time ago and apparently has had people in it for a while.  Growing slowly, just like a greenhouse would grow plants.

First impressions are that this could be a very cool way for partners customers to start communicating from all over the globe.  The site is a bit bogged down, I imagine over the demand of everyone logging in.

Do not panic if you cannot edit or update your profile yet.  Read the fine print.  It can take up to 24 hours to get your profile built into the system.  While you can log in, you just can't update it yet.

The intro screen is cool with hints of Quickr to come.  I would love to see Sametime tossed in there for presence.  This does add a minor change to my Activities plug-in in the Notes client.  I had it pointed to the wrong  IBM server it seems.  Not Greenhouse.

As I just around Greenhouse some, you will see there is a heavy European presence that has been in there for weeks creating communities, Activities and profiles.  So don't be surprised to see almost 900 bookmarks already in play.
    for this posting

    On Tuesday, May 1st, 2007   by Chris Miller        

Pre Partnerworld 2007 dinner talk about Lotus Connections

I had the chance to take some other business partners to dinner last night while they are here for Partnerworld in St Louis.  We had the mixed conversations around business and fun.  One thing that came up was this very Lotus Connections site.  A lot of interest is being generated about the site and some of the wonderment of where it will take us.

Will it be the start of a BP "MySpace" or "FaceBook" with no long term inherent value?  Or will it grow into a full networking, people locator, community of interest, project (activity) sharing and link sharing that you would dream.  Can it handle the influx of visitors it will generate soon?  Where the heck is the integrated Sametime? 

Sit back with me and watch. Martha Mealy posted about the attempt to find relevant statistics for collection.  I strongly agree with that question she put out to everyone.  What are valuable stats?  Number of hits? no.  Number of communities? no.  Usage patterns of features? yes.  Blog entries? no.  Profiles? no.  Searches against profiles? yes.

the list grows....

    for this posting

    On Monday, April 30th, 2007   by Chris Miller        

Sametime Connect 7.5.1 upgrade concern passed on to me

I have not tested this yet as I was uninstalling the beta code or upgrading beta code.  So if you have older versions, confirm this since I do not have a moment to do so right now:
On the 7.5.1 Connect client installation, it asks if you want to remove any existing Sametime 3.x or 7.0x.  Generally you would say yes as I did.  It then identified that I had Sametime 7.0x and asked if I really wanted to remove it.  That was OK because I knew what was going on.  But the problem is that I didn't have Sametime 7.0x, I had 7.5

P.S. after I installed, I launched it and the About splash screen didn't go away.  But that was fixed once I rebooted. :-)  

    for this posting

    On Friday, April 27th, 2007   by Chris Miller        

An intermittent Sametime Connect 7.5.1 bug starting to appear

I had seen this before and heard it from another person but could not get it to reproduce on any consistent level.  However, it has now hit the Sametime forum on as a thread.

It seems that under certain circumstances the Sametime Connect 7.5.1 client keeps looking for the Microsoft Outlook profile.  Even with Lotus Notes clients on the desktop and Outlook not configured.  A check of IE shows that the mail program preferences is also set to Lotus Notes, so no conflict there.

There is the new Office integration component that is offered, however the client still prompts for Outlook profile upon launch after configuring it to use Notes.
    for this posting

    On Thursday, April 26th, 2007   by Chris Miller        

A Sametime 7.5.1 question I got in email last night

I imagined someone would ask eventually or at least figure it out.
Hey Chris, saw all your postings today on 7.5.1.  I downloaded the new client but don't see anything but the full exe file.  Do I need to expand that to get the Eclipse update or will that be coming soon?  Great postings, thanks!

Well that is a great question.  One I have asked.  You would expect with all the hype around Eclipse and provisioning clients you could simply toss some code for a site update.  While this would be many files and larger than a normal small push, it would all be done in the background and then they get restarted and viola.  However, Lotus said they were not ready for it at this release, or something in those words.  You get the drift.

So what that means is you must have each client download and install the full new code, just like a fresh install would be.  It will upgrade seamlessly, it is just a packaging step you need to do.
    for this posting

    On Thursday, April 26th, 2007   by Chris Miller        

Sametime Gateway 7.5.1 upgrade issue - broken in under 3 minutes this time

I first reported this issue back in January, as seen here Link    It seems that if you have existing communities in the Sametime Gateway and attempt to upgrade it breaks it all.  Now how do I get back is what I am figuring out right now.  This was immediately after the 7.5.1 upgrade, WAS .7 patch and launching.  Then a restart and launch did the exact same thing.

Image:Sametime Gateway 7.5.1 upgrade issue - broken in under 3 minutes this time
    for this posting

    On Wednesday, April 25th, 2007   by Chris Miller        

Installing a plug-in without restarting Sametime Connect 7.5.1 client

You receive the choice to restart the Sametime Connect 7.5.1 client after installing a new plug-in.  You can also apply and continue working and restart later to activate the plug-in.  I chose to apply and keep working.  I got the following:
Image:Installing a plug-in without restarting Sametime Connect 7.5.1 client
Either that is a cool white plug-in or something is amiss
    for this posting

    On Wednesday, April 25th, 2007   by Chris Miller        

Things you will see, shouldn’t see and hope get fixed in the Sametime 7.5.1 client

I loaded the new gold client on a couple fresh machines to see what results we got.  While the new UI is shiny and nice like I promised, here is what I saw on the "hope it was fixed" list:
  • The memory utilization is crazy.  Upon launch with no plug-ins loaded yet, it was 67MB of RAM.  Compared to other chat programs, that is an easy 3-4 times larger for some of the exact same functionality (like Yahoo messenger 8.x)
  • If you happened to load the previous Eclipse updates for the Sametime Gateway on your Sametime 7.5 CF1 server, then you get the following prompt that new code was added.  However, this isn't newer as they changed the numbering scheme (see image below)
  • You are not prompted to change your geographic location for the new install and fill out you location information
  • You users will appreciate the icon changing from Sametime Connect 7.5 to Sametime Connect (no version number listed).
  • Privacy settings for different communities is still a single point and not set up to support the feature of logging into multiple communities
  • It seems some people are getting two instances of the client when they install and click to Launch the client right away instead of closing the installer and then launching.

 Image:Things you will see, shouldn’t see and hope get fixed in the Sametime 7.5.1 client
    for this posting

    On Wednesday, April 25th, 2007   by Chris Miller        

Domino 7.0.2 FP1 doesn’t fix the nHTTP crashes? Lotus says so.


Java virtual machine (JVM) changes made to Domino 7.0.2 are causing nHTTP crashes.


If you are running a Lotus® Sametime® server release 7.0 or 7.5 on Domino® release 7.0.2 you may experience nHTTP crashes.  These crashes do not occur in versions of Domino prior to 7.0.2.

This issue is under investigation by Quality Engineering as SPR #TTRT6XBQPE.  Until a fix can be provided, the following workarounds are available.   Note that 7.0.2 FP1 does NOT fix this issue.

  1. Do not upgrade to Domino 7.0.2 (or later) on any Sametime servers running on Windows.


  2. Revert to the JVM from an earlier Domino release.
    To do this, copy the \Lotus\Domino\JVM folder from a pre-Domino 7.0.2 installation and overwrite the same folder on your Domino 7.0.2 server.   Be sure to make a backup of the existing JVM folder before taking these steps.
    For Unix and Linux the JVM is located in /opt/ibm/lotus/notes/latest//jvm/ by default.

    for this posting

    On Tuesday, April 17th, 2007   by Chris Miller        

Update on the Blackberry and Domino 8 posting I made

An excerpt from the pdf found

BlackBerry servers may crash unexpectedly when the server Name and Address Book (NAB) is upgraded to the new Notes/Domino 8 design or when users switch to the mail8 template. On your server console, you may see an error similar to the following:
Process E:\domino\nBES.EXE (4172/0x104C) has terminated abnormally
In addition, NSD may or may not activate. In either case, the BES task is not functioning, and BlackBerry users will be unable to receive mail.
Workaround Administrators should upgrade to the latest BES release that has Domino 8 support.

It's page 18 and 19.

Read the pdf right here

    for this posting

    On Monday, April 9th, 2007   by Chris Miller        

Microsoft Transporter hit the streets

This should be interesting:
Brief Description
Microsoft Transporter Suite for Lotus Domino is used for interoperability and migration from Lotus Domino to Active Directory, Exchange Server 2007 and Windows SharePoint Services 3.0.

Anyone tested the gold release yet?  You need the following installed also:
  • MMC 3.0
  • Windows Powershell 1.0
  • Microsoft Exhange Server MAPI Client and Collaboration Data Objects 1.2.1

I will load them on the test machine and see what we get.

The Release Notes
The actual product page
    for this posting

    On Saturday, April 7th, 2007   by Chris Miller        

In case you missed the March 2007 Sys Admin Tips newsletter

You can find it right here.
    for this posting

    On Saturday, April 7th, 2007   by Chris Miller        

Blackberry and Domino 8 beta issues

If you are running Blackberry server version 4.0.x or something below 4.1.3 (so far in our testing) and then load the Notes 8 client or server and change your mail template you make the BES server go boom over and over and over.  We had a mail template modified to Domino 8 and then the BES 4.1.0 server hit it and it crashed continuously for some time until we found it.  Our internal server is 4.1.3 and we have had no issues with the Domino 8 templates.

However!  RIM states no support of Domino 8 in any fashion at this time so run at your own risk
    for this posting

    On Friday, April 6th, 2007   by Chris Miller        

Location awareness in your IM client

I was just sitting here thinking about location awareness features in Sametime AOL it seems.  From the provider Skyhook comes a free plug-in for AOL to show location awareness of who is around you if enabled.
Mobile IM
AOL has released a location plug-in for its AIM messaging client. The plug-in, developed by Skyhook Wireless, allows AIM users to see where people on their buddy lists are physically located. Skyhook tracks locations by using the wireless pulses emitted by all Wi-Fi transmitters, including Wi-Fi-enabled computers. The AIM plug-in allows users to add a new "Near Me" group to their buddy lists. This group will show usernames of those AIM members who share their locations and are within a set distance. The plug-in, which is a free download, also enables users to see a buddy's location on a map as well. Currently this is available only for PC users - however Skyhook has said it expects to see the location capabilities eventually integrated with AIM clients on mobile phones.

Interesting twist as the race continues for IM domination...
    for this posting

    On Friday, March 23rd, 2007   by Chris Miller        

Having just said I liked the icons, now it seems we have a DST bug in the Notes 8 beta

I was using the nice slide out calendar "Day At-A-Glance" part of the Standard client.  Now the usual day view was great but the Summary list gave an issue.  All was an hour off as shown in this image.  Plus no icons like the other view.
Image:Having just said I liked the icons, now it seems we have a DST bug in the Notes 8 beta
Hmmm, something is amiss here
    for this posting

    On Thursday, March 22nd, 2007   by Chris Miller        

I like the new Notes 8 calendar entry icons for some reason

Here is a screenshot of the new icons in the calendar entries.  It even shows if you were required or optional in the text which is a nice touch.
Image:I like the new Notes 8 calendar entry icons for some reason

The users gets it, the users understand it and for gosh sakes they don't have to call me about icons
    for this posting

    On Thursday, March 22nd, 2007   by Chris Miller        

Another reason not to just randomly turn the /3GB switch on your 32-bit Windows machine

We have a customer with enormous amounts of disk usage on single Domino servers.  They started crashing recently.  After numerous talks and escalations with Lotus, sending of crash files numerous times per day as this progressed, they finally stated the stunning line.  Even though the IBM Performance Redbook for 7.0 talks about it, technotes (below #1233872 published this year) state it and IBM'ers have it in sessions, there is an underlying issue.
For example, with Win32, the default memory available to each Domino partition is 2 GB.  There is a switch to increase memory to 3 GB, but that solution has a performance impact of ~10% CPU utilization.  With Windows 2003 x64 Edition and Domino 7.0.1, this switch will not be needed and 3 GB will be supported by default.

So the issue is that with large data stores (this is over 2TB we are talking right now), the /3GB switch causes crashes.  While the internal IBM info is not published at this time, I hope it will show.  The funny thing is that this exact issue affects Exchange shops too as shown in this posting.  I found a warning on Ed's blog, under comment #8.

This led us to find out about the transaction logging issue with 7.0.1 so we are headed for 7.0.2 with no /3GB switch.  Let's see if we can get that new technote.
    for this posting

    On Tuesday, March 20th, 2007   by Chris Miller        

Domino 8 Beta 2 install..

I had some clean-up to do since apparently beta 2 will upgrade fine over 7.x and 6.5.x versions but not beta 1 installs.  It kept running to about 80% and really wanted to find the .msi file for iTunes for some reason.  Those silly things drive me nuts.  I got around that eventually.

Well in the ReadMe file there is a section about uninstallation of the versions that cured my issue it seems.  Some loose files left over in the C drive, a folder in the old installed program directory and 2 registry deletions and I was on my way.  It launched fine, worked well (except the local NAB still) but crashed on the way closing.  I will reboot now that install is done and see how we fare.i
    for this posting

    On Monday, March 19th, 2007   by Chris Miller        

Server crashes in Notes 7.0.2 FP1 don’t make proper NSD’s without fix from Lotus

Seems we had crashes on 7.0.2 FP1 servers after this weekend and we discovered that proper crash information was not being collected.  Seems we all need a replacement for NSD from IBM to make it collect properly.  I would expect a technote and/or fix shortly...
    for this posting

    On Wednesday, March 14th, 2007   by Chris Miller        

Sametime 7.5 plug-in for Plazes, why yes it is free

Many of you know there is a few of us bloggers that use Plazes to show where we are or have been in the world.  You can see mine over on the right side of my blog.  Well, while in Germany, I found out about a partner that wrote a Sametime 7.5 plug-in that replaces the local Plazes program on your computer.  Supposedly, the newer one will even help set your location setting in the Sametime client.  No more typing at new sites!!  The screenshot looks like this:

Image:Sametime 7.5 plug-in for Plazes, why yes it is free

So go and get it from or use the very simple site update they provide if you have trouble reading German.  You can use the site.xml for your client at the following:

    for this posting

    On Wednesday, March 14th, 2007   by Chris Miller        

DST bug again on changing calendar entries, or maybe not

OK, so if you ran anything before the recent .7 version of the mailfile agent, it might appear that it went well and fine.  But odds are it did not get everything.  What we found, and confirmed on today's DST call is that the agent will process faster than the document collection can occur.

What this means is that while the agent completes, it might have skipped certain documents in the user's calendar.  Of course, this is totally random.  We found most mailfiles were good, but then some would have appointments that did and did not convert.  Running the new agent again against these mailfiles seemed to solve the issue.  WAS far as we can tell because there is not enough time to go through the properties of each entry and find the timezone values.

So good luck once again..
    for this posting

    On Wednesday, March 7th, 2007   by Chris Miller        

Anyone care to explain how McAfee SpamKiller doesn’t work with Lotus Notes emails? I think this is fishy

I came across an article stating how SpamKiller 4.x cannot read Lotus Notes generated emails in it's native format.  I took this to mean that it did not like encrypted mail messages.  So instead of passing it through it seems to totally strip the content of the email body from the message and send the header.

Now normally I would laugh and enjoy the humor.  However., there is a link on the McAfee site that takes you to a simple statement form them that they do not support Lotus Notes in it's native mail format, use POP3 and then it links to an Oct 1998 article on LDD about setting up local POP/SMTP accounts.

So I browsed their site and came across the product page which states it supports Lotus Notes and the other product.  SO I am guessing this article writer is pulling old data out to stir the pot since the link was for the R4 version of the product also.
    for this posting

    On Wednesday, March 7th, 2007   by Chris Miller        

Lotus steps up and offers ’Open Mic" conference calls and demos for DST changes

If you were unaware of these I would get on them now.  The calls let everyone ask any question about the DST and you get to hear all the oddities people have.  One person today actually was removing the local cache.dsk for a few users that had a couple people that still couldn't see all times right and then and all was well.  Lotus hadn't heard of that one yet.  So bring your questions and get on the calls.  I am not sure how they generated the list to notify people either.  They have Scott Vrusho on the call as well as many others.  Humorously my last blog entry popped up on the call.
IBM is holding daily "Open Mic DST Calls".  These calls are intended to
provide a forum for our customers to bring their questions, concerns etc..
around DST to us!  Our goal is to provide them with the information they
need and to answer the questions that they have in order to ready their
systems and WPLC products for the DST changeover.

IBM has planned calls for Tuesday - Friday  (March 6th - 9th) and March
12th from 12:00pm - 1:00pm Eastern.

Tuesday 3/6 -
Conference Access:
Toll free:   1-888-732-6202
Toll:        1-719-457-1017
Participant Passcode:  893498

Wednesday 3/7
Conference Access:
Toll free:   800 214 0745
Toll:        +1 719 457 0700
Tie:         650-3309
Participant Passcode:  158121

Thursday 3/8
Conference Access:
Toll free:   1-888-373-5705
Toll:        1-719-457-3840
Tie:         650-3310
Participant Passcode:  547292

Friday 3/9
Conference Access:
Toll free:   1-866-237-3252
Toll:        1-719-457-1018
Tie:         650-2636
Participant Passcode:  163964

Also, the demo videos can be found here:
New Videos show sample scenario of applying DST change to Notes and Domino

New video instructions (screen capture with audio narration) have been provided. These videos demonstrate how a Notes calendar is impacted by the DST change and show one scenario of applying the necessary updates to allow for the new Daylight Saving Time definitions. The download link to the videos is embedded within the "C&S Agents" technote below.

Title: Agents for updating Calendaring and Scheduling entries and Resource Reservation entries for Daylight Saving Time (DST) 2007

In addition, a video has been created to demonstrate how to use the Java Time Zone Update (JTZU) tool for updating DST information in your Java Runtime Environment(s). The JTZU video can be accessed via the following updated technote:

Title: Using the IBM Time Zone Update Utility for Java (JTZU) with Lotus software products

    for this posting

    On Tuesday, March 6th, 2007   by Chris Miller        

DST Resources agent warning - a new bug found

Yes it is reported to Lotus now, NO the new agent (.7) does not include this fix.  Apparently the Rooms and actual resources in the database have their own TimeZone field stored with them.  When you go to schedule a meeting and include a specific room or resource the freetime is off since the physical resource still has the old timezone information stored in it.  This was tossed into Domino some time ago to help show specific timezones for each resource that may be located in different places in one resource database. However, the new agent does not change the timezone as shown below.

You then go in an edit and resave the document (or run an agent to refresh them all) and you get the following.

Ignore the Adminp statement if you edit and resave.  It is the saving action that does it apparently.

    for this posting

    On Friday, March 2nd, 2007   by Chris Miller        

Reactions to slides and information from WPLC tech call on Lotus Connections this morning

I had the podcast with Alan Lepofsky at Lotusphere2007 on his new role as evangelist for Lotus Connections as a starting point to this whole Lotus Connections thing.  Well today there was an IBM/business partner tech call for the product which I made sure I was available for.  We are getting interest in hosting this product for customers already and I wanted to see architecture and anything else I could grab.

The blog technology is based on open source for this, using the Roller technology.  This is an easy way to get users started but also the floodgates on information.  One of the speakers even stated this was not a highlight of what Connections has to offer.

Currently only ITDS and Active Directory 2003 are supported.  They are 'actively" looking at properly utilizing the Domino directory for the LDAP services.  This is something that was addressed during Q&A at the end.  Domino support is crucial to many enterprises that have based and aggregated themselves around a Domino directory choice.

There will be a pilot and production install options.  The pilot builds the required tables on DB2 for you and the WAS part is a very basic install with security needs.  Much like the Sametime Gateway base install.  All the services are installed for testing ability in the pilot mode.  Production will offer standalone or clustered services with the ability to include or not include parts of Lotus Connections.  Data preservation should be preserved if you move from pilot to production.  This is a great way for customers to get their feet wet

A slide was pushed on ITDI (IBM Tivoli Directory Integrator) abilities to allow enhanced profile support across data sources.  ITDI will be offered as a bundled part of Connections.  A good move on the part of IBM to allow a greater building of profiles from numerous data sources.  Such as a Domino directory for usernames with HR info on profiles.  Using some data mapping in XML you could build a nice table and hierarchy for profiles, including skillsets.

If you read my LUG Sys Admin newsletter I had some initial candid talk about Lotus Connections inside.  I would suggest popping over there for some beginning thoughts.
    for this posting

    On Wednesday, February 28th, 2007   by Chris Miller        

DST steps from the sweep we did

I said I would type this up so I went one better and recorded a mini podcast from the St Louis User Group meeting today where we talked about the DST changes we did at Connectria. I will compile that tonight and get that published.

But as a quick note, look for another new agent ( to come out and fix some of the looping script errors we received on numerous servers while running the server based agent against the mailfiles.  We saw this on more than a few customers across versions of templates as well as Domino versions.  It drove us nuts, and wasted a lot of time to have to go into the text files and remove the offending user mailfile to get the agent to run on.  Until it encountered another one and looped again.  Now some ran without incident.  Others stopped more than 20 times on larger sites.

I also talk about the order we did things and across the product lines.
    for this posting

    On Tuesday, February 27th, 2007   by Chris Miller        

Blogging our DST patch morning live

5:00am - Quick team meeting in my office to go over everything we need to get done.  Blackberry pushes and Sametime are first up on the list.

- So first up for me was the Sametime servers.  Others were prepping the DWA, calendar and RnR stuff.  I have some of those to do in a bit, but I started with our internal servers first.  Running the JTZU patch took far too long to search the Sametime systems.  You really cannot run this tool in interactive mode since then you need to specify what gets updated and you have no clue.  It even prompts you that letting it search could take hours.  It really only took a few minutes when all was said and done to find what needed updating.  It did take a while to run however.

- This was incredibly frustrating when the IBM support site was up and down all morning also.  Yes we have knowledgebase locally, but it is faster to web grab some of the files.  Also, it also would be nice not to get just random error messages on documents not existing when you know they do.

- First batch of RnR changes completed and one test mailfile set done.  One weird error on one customer and the rest went smooth so far.

- Script errors when the calendar agent runs on a bad mailfile in the text list.  We find endless script loops running.  Removing the last mailfile attempted (and all previous completed ones) from the text list and restarting the agent fixes it.  Some clients have no issues at all, others have a handful that cause grief.  It has you going back to each server and making sure it it not looping.

- The path for managed and hosted server is an issue, so we created numerous agents with different drive letters that we can fire off.  Now AS/400 and some random servers ever have different data paths from the norm.  Standardization I say, standardization.

- Encounter first Domino Directory in foreign language.  Script in agents only works on English views.  It says it can't find the Server\Mail Users view.  Which is there, however it is Servidor\Usuarios do Correio. First glance doesn't show where the agent grabs that view name to change it.

So I will give another (after much sleep) overview tomorrow on steps, commands and other things we figured out and streamlined as we went along to make your life easier.
    for this posting

    On Sunday, February 25th, 2007   by Chris Miller        

Have spare resources, run the DST agents in tandem

We are finishing the final prep for the big change this weekend and I came across a small section of the technote that stood out as a time saver as no one will be on the servers during the time we are patching.
1. To run as multiple instances (i.e., four instances), copy/paste the agent multiple times in the same database, and change the name to "AdminAgent1", "AdminAgent2" etc.
2. Ensure you have the server setup to run the desired number of concurrent agents in the Server document in the Domino Directory. The "Max concurrent agents" setting is found on the Server Tasks -> Agent Manager tab. Note: There are separate settings for "Daytime Parameters" and "Nighttime Parameters," make sure that you set each as desired.
3. Repeat steps 1-5 from the section above on configuring the agent to run in the background:
- in step 1, ensure that multiple TXT files are used to evenly divide the list of files to process
- in step 2 ensure the individual agents are edited to point to the individual TXT files
- in step 6, simply issue "Tell AMGR Run" for each of the individual copies of the agent:
i.e. for 4 agents it would be the following
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent1'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent2'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent3'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent4'

So notice the key area about having enough Amgr threads defined to run all the instances you wish.
    for this posting

    On Friday, February 23rd, 2007   by Chris Miller        

DST preparations - step 1, read technotes and run in circles. No, ok really here we go...

So reading the technotes we have some gaps in what will transpire and in what order at most customer sites.  A lot of this relies on the ability, or timing, of getting the desktop operating system patched.  If you follow the simple step plan in technote #1254624 you will see that (1) the server OS gets patched, (2) then the Domino version (if possible), (3) the JTZU for Sametime servers or other Java dependent apps and then it gets fuzzy.

(4) is in relation to putting the OS patch on the clients.  For one thing, Lotus suggests that the Notes client is closed when the patch is applied.  How many of your users leave the client open all night long?
The computer should be restarted after the patch is applied and before restarting Notes.  If the computer is not restarted after installing the patch, Notes will return the old time zone information for time zones other than the current time zone.

A lot is riding on this client restart or even patching.  I am also not sure how you are forcing your users with machines at home or laptops to do it.  If you start scheduling meetings across the clients that do and do not have the OS patch, then you will get variances in what they see and how correct they are.

Now to toss in some confusion, (5) should be done as soon as possible in relation to the OS updates.  This is finely designed and choreographed dance folks.  The amount of errors that DWA users will get relies heavily on this.  See technote #1241063 for the alternative issues.  From simple error pop-ups to meetings getting scheduled in Greenwich Mean Time, I think we have a problem here.  There is no way to get all those DWA user machines.

(6) moves on to the RnR database and the users mailfiles.  Now, if the users have local replicas also, they should be grabbing the change agent through replication before you run it on the server too.  See technote #1254639.  The RnR Manager must be shut down when the agent runs, and you even get a prompt while running this from the database Action menu.  Note, you will be signing these agents with some id file that needs at least editor access to the RnR database.

I will have more info for you to follow this one as we finalize and formulate the plan to update servers globally, hopefully it helps.
    for this posting

    On Wednesday, February 21st, 2007   by Chris Miller        

Interesting music site I found and how it is provided

As many of you know I am a music fiend and always looking at new ways to hear/listen/filter.  I have the local collection (way to big to hear it all) and also the Yahoo streaming with a custom channel.  Well I came across a site today that I found quite cool and a neat way to navigate moods/tempo/etc.

It was called Musicovery and I happened to stumble across it.  You can select year ranges/tempo/mood/genre and all of that in a sliding connected image that let's you choose paths.  There is like 18 genre's and then sub moods then a sliding bar for year coverage.

Image:Interesting music site I found and how it is provided
    for this posting

    On Saturday, February 3rd, 2007   by Chris Miller        

Announcement: A search site for Lotus related blogs only through Google Custom Search

A customized Blogger search ability

I find it hard to see all the blogger sites at one time looking for content when we all do not tag the same way.  So I have 83 sites already listed (from my own links) and will take more and even volunteers for the Custom Search Engine on Google.  Alan L started one quite a few months ago but I think this has broader appeal.  Since we all do not use Technorati the same way, but wish to see who said what on a topic, this will search only the blog sites and not hear the noise from everywhere else

    for this posting

    On Friday, February 2nd, 2007   by Chris Miller        

Sametime Gateway - now you see them, now you wish you used the @aol in the name

Working with the product as much as I do I encounter some weird little nuances every so often.  Here is a couple for you to ponder and watch out for..
  • The Clearinghouse works well for adding and names and does not fare well with names
  • If you add someone to your buddylist with an alias it does not add the little fancy orange running dude next to their name and instead adds the globe.  This , of course, gives no indication that they are even an AOL person you added.  I need to try this with Google Talk and Yahoo in a few

    Image:Sametime Gateway - now you see them, now you wish you used the @aol in the name
    • If you add someone with an alias to your buddylist from, you can never again see their online name from the UI.  You can go local into the buddylist file, but not from the client.

    for this posting

    On Wednesday, January 31st, 2007   by Chris Miller        

How to destroy your Sametime Gateway server in 21 seconds

So I willingly placed the fixpack 1 onto the Sametime Gateway server this morning.  In a full 21 seconds flat of install time.  Now as for the install, I am not sure why this couldn't be wrapped into a simpler exe file or even something to use the Websphere Updater.  It required a nice long script to typo in with plenty of room for typographical errors to make you try and try again.

Much to my humor after it was installed, it destroyed the management screen changing the gateway section to portlet entries that would not launch as shown below.
Image:How to destroy your Sametime Gateway server in 21 seconds

So I went back in and uninstalled following the simple task of switching the word install for remove.  Another 21 seconds later and I am back in business, without Yahoo integration, but back in business.

   [delete] Deleting dir



Total time: 21 seconds

    for this posting

    On Monday, January 29th, 2007   by Chris Miller        

Playing with a customers new Barracuda

I was forwarded an interesting little email from one of the other admins here.  He had found a link inside the admin screens on the Barracuda 400 model for a Lotus Notes mail template.  Downloading it showed version 6.5.7 (which was weird) but looking at it, it was a change to the extended mail template.  The work was done by Thuridion, a California based company from searching and locating a press release on this very topic.

It was an interesting touch if we could move those deign elements into the Domino 7 template and provide a hook into the Barracuda natively from the user's mailfile.  Anyone have experience with this integrated template in production yet?
    for this posting

    On Thursday, January 4th, 2007   by Chris Miller        

Omnifind plug-in for Sametime 7.5 from IBM

I downloaded the deployment plug-in (not the source version yet) to test it out and see what help it could provide.  The first thing I noticed is that it unpacked into the wrong directory.  You are supposed to download the zip then unpack straight to the plug-in directory of the Sametime client.  It added an extra folder layer so I moved everything up to the root folder and it started working right away.  No big deal, just packaging.

From there I started manipulating the browser to use (a button to browse the local OS would be nice instead of having to figure out and type it in manually) and what search host.  I couldn't figure out how to use my Sametime custom search engine yet, but it worked well otherwise and you can change the name and play with some of the basic code to make a nice internal Intranet and specifically targeted search.  You could then deploy this to the right people for some good quick reference help.

Take a peek if you haven't.
    for this posting

    On Wednesday, January 3rd, 2007   by Chris Miller        

Sametime Gateway nuance of the day (yes again)

So I received an inbound chat to Sametime from an AOL person through the gateway.  This person was not on my list previously in Sametime as a buddy.  So while in the chat I clicked the Add icon and they were successfully listed in the right group.

However (isn't there always one of these with me), they showed with the custom icon for the community and not with the little AOL running man.  So I removed the username entirely from my buddylist, and then manually added a new contact from the buddylist window.  I choose external contact and add the AOL name and the AOL running man shows up just fine.

Bizarre and makes sense in a weird way, it is broke.
    for this posting

    On Friday, December 29th, 2006   by Chris Miller        

Sametime Gateway nuance of the day

Do not look at these postings as whining or complaining, just things the users need to be aware of in usage in advance so they do not question you later.

I never looked until today, which I should have.  While running the Sametime Mobile client for Blackberry, you can see all your AOL and gTalk contacts just great.  However, when they see you through the gateway, they do not get the mobile icon like other Sametime users see.  This might be a limitation of the gateway itself, but users will notice, trust me.

So what you get is the standard online and status ability, just not client type indications.
    for this posting

    On Thursday, December 28th, 2006   by Chris Miller        

Sametime Gateway - adding a person as an alias "bug" to me

If you add a user from the Sametime Gateway with an alias name, such as IdoNotes@gmail dot com, but give it a friendly name such as Chris on GTalk, you can then never again see the email address you add.  I tried looking at Edit Nickname from the menu, but that only let's you change what you set, not see the address you added.  I saw nothing under the menu items either.  Yes, you could look at local XML, but for a user that will not fly.

So chalk this one to a 'feature request' I guess.
    for this posting

    On Tuesday, December 26th, 2006   by Chris Miller        

New loosely undocumented error when migrating

While performing an upgrade of version and hardware swap from dedicated to VMWare, I had one sticky issue for a client. We performed the whole upgrade remotely, no reason to be sitting there for this one.

Here is the issue.  After loading 7.0.2 in the new VMWare, we shut down the old 6.5.3 server and began the simple mailfile and few database copies.  We brought the server up under the old name and started seeing countless lines of the different tasks with the same error message
"cache entry not found"

No maintenance or convert task would fix it.  Convert, Fixup, compact, index all failed with the same error.  Yes, all of them.

Now I searched Knowledgebase and online to limited success.  The Sched task, RnRMgr and HTTP were all reporting this same error.  Well with numerous tweaks to the Google search, I finally found some insight. The customer had moved to a single copy template (SCT) for the DWA 6 infrastructure.  When the databases were moved over, the SCT templates in use were not.  I simply moved those over and the server came right up with the error removed.  Convert then ran successfully to move them to DWA7 and then compact to reclaim much of the unused diskspace.

Issue solved and into the books for another oddity of undocumented weirdness.
    for this posting

    On Monday, December 18th, 2006   by Chris Miller        

Sametime Mobile on Blackberry error I am encountering

I have a public group from our corporate directory.  Not a large one, maybe 40 people.  I can talk to most everyone just fine while using Sametime Mobile on the Blackberry 8703e.  However, there is one person I go to talk to and it throws the following screenshot error.  I wonder if it has to do with chat history

Image:Sametime Mobile on Blackberry error I am encountering
    for this posting

    On Thursday, December 14th, 2006   by Chris Miller        

Sametime Gateway status here

AOL is now connected fully and NULL errors seem to have vanished with much tweaking and un quietly announced patches.  Google Talk went live today and seems to work fine, it prompted me for the authorization to add awareness and to my buddylist, I am still waiting on the green light however.

I am getting lot of IM's and a few emails over setting this up and I hope to have a nice document shortly to answer those burning questions for all of you
    for this posting

    On Thursday, December 7th, 2006   by Chris Miller        

Admin2006 Vienna - BOF Experts Panel live blogging

I had the pleasure of sitting with Andy and Rob of Technotics, Susan Bulloch of IBM for a four person panel BOF to answer whatever questions they had across all areas.  This is what we had to cover (minus a couple):
  • how to deep fry a turkey
  • change users SMTP domain name across 17 acquired companies
  • whitelisting servers
  • Sametime error codes for users dropping connectivity
  • set update flag in local address book
  • multi language notes clients?
  • strip attachments from NDR's?
  • port failover in a clustered server - teaming NIC cards as solution at hardware level
  • migration of domains by moving everyone into the new domain and then recertifying
  • server_transinfo_range  proper setting?
  • Nomad questions on the uninstall/U3 and performance speed issues on USB

    for this posting

    On Thursday, November 30th, 2006   by Chris Miller        

SNTT: Working with that hard to setup remote server

As we fired up a new customer server remotely over in China, it had terrible bandwidth and connection issues.  It could telnet to the Notes port on the US based Domino server, see the server in DNS and IP, but when Notes popped up it had the worst time trying to connect and would time out too fast. Image:SNTT: Working with that hard to setup remote server

So there is a couple ways to handle this.  As commented before, there is no documentation of what format or data should be included for the setup selection of choosing local media.  We have played around with it to some success, but it should be much cleaner.  So we copied down the names.nsf, admin4.nsf and the notes.ini from a freshly installed and working server.  A quick change of the id file and paths and the server came right up.  You could note the CleanSetup=1 in the notes.ini but I wanted everything built, not just to tell it that the setup.nsf database was placed and removed.

You used to be able to create profiles, pre-configured in the setup.nsf database and place that on numerous servers.  it doesn't like that in the newer code streams.
    for this posting

    On Thursday, November 23rd, 2006   by Chris Miller        

Sametime (RTC) Gateway info again..

I hesitated last time to talk about site.xml and feature updates.  They snuck a fix into the RTC Gateway installer that you need to apply to your clients again to get Yahoo and Google to work correctly.  This is something that will frustrate you if not done in advance.

This is exactly what should have been done for the CF1 patch that came out, but now you have it.  I would either read more on how to configure or build the site.xml, including all formatting or I see there is a session on it at Lotusphere in using your Domino server to push and become a site update server for your Eclipse updates.
    for this posting

    On Monday, November 20th, 2006   by Chris Miller        

So let’s talk RTC Gateway

I had to gather my thoughts on it with all the pings/emails/podcasting and such.  With much discussion about why they picked WebSphere, will it ever run on Domino, why does it require so much hardware out there, we need to focus on the real issue, installation and deployment.  We can blow that smoke till we are blue (bad choice of colors with IBM involved) in the face.  Currently, there is no talks of any other path for RTC than what you see.  It takes whatever hardware it takes.  Now, I am not saying I agree here either.  This area is not the topic of the debate at the moment.  But more like how do we get this thing running?  So I started compiling a checklist.  Not of the step by step, I worked enough helping build those during the beta and they are documented now.  But more of key items to consider and this you should/shouldn't do.  Off we go on revision 1 below.  It was too big to leave on the main page in entirety.  Just click the Read More that is to follow and you get the info on the following:
  • Installation
  • Security
  • Management

Continue Reading here" So let's talk RTC Gateway" »
    for this posting

    On Friday, November 17th, 2006   by Chris Miller        

Sametime 7.5 Admin servlet bug found (we think)

Scenario: While doing demonstrations today I proceeded to log into 2 different Sametime 7.5 admin clients via IE at the simultaneously.  Login was successful on both.  However, while viewing Monitoring-Logins for live user polling, the two windows got reversed info.  Interesting if you manage multiple servers and are trying to watch load.  You might be seeing the wrong numbers if you are accessing multiple servers at one time.  I did this twice and got the same result after closing and reopening new browser sessions entirely. Here are the screenshots


    for this posting

    On Wednesday, November 15th, 2006   by Chris Miller        

Sametime 7.5 Mobile oddity we are seeing (gif to prove it)

While in the client, I expand my buddylist to see who in the group is online.  Yes this group is from the same list I share with the desktop.  But people show offline when they are there:


So that is a weird thing to me when I see and can chat with them.
    for this posting

    On Thursday, November 9th, 2006   by Chris Miller        

Sametime 7.5 Mobile on Windows Mobile 5 device issues

PROBLEM: Ok we learned a couple things about the Mobile install for Windows Mobile on a XV6700.  The user here was smart and installed it on the memory card instead of the local device.  It installed and dropped the icon but would never launch.  Nothing, no click.

SOLUTION:  We removed it from there and installed to the local device and it came right on.

PROBLEM: Each time he closed a chat or Sametime with the 'x' in the upper right corner it kept dropping him back to the page where you had to specify the hostname and port.

SOLUTION: I found that I only created a profile for the Blackberry users and not the Nokia/Windows users.  I created that profile and it fixed that issue.
    for this posting

    On Wednesday, November 8th, 2006   by Chris Miller        

When Lotus business partners step up to the plate

This is when working as a team helps the customer.  We have had an issue the past week with a customer's hosted environment and bizarre amounts of increased spam getting past the filters.  Well we found a couple issues, like a company group being exposed to the Internet for mail routing that a spammer found.  But other deal with the new variations in how spammers are creating emails.  So working with the other partner, we were able to grab some additional rules and formulas they had created and implement those immediately.

Some of you are saying, hey that is what they do for a business.  But I am looking at it as they jumped onto a screen sharing meeting to make sure everything was fine (which it not been modified in months so we knew this was abnormal) and implemented some new features and things that are coming soon in a future release at the spur of the moment to keep their and our customer happy and functioning.

That is when you like telling people that you have multiple customers using their product with good success.  Bravo to the team at Granite Software today.
    for this posting

    On Friday, November 3rd, 2006   by Chris Miller        

More Sametime 7.5 Mobile on Blackberry

  • I received a comment yesterday asking about the 7100 and SureType.  Well an answer was presented in the Sametime Forum that says SureType is possible with a quick manual user intervention.  You need to go into Preferences on the mobile device for Display and select Full Screen Input.  But then enter doesn't just send the text, you have to click the wheel.  I didn't like that much.  Luckily mine is the 8703 so I don't have that issue.
  • Setting text size bigger than small made it easier to read but took up a lot of real estate which meant scrolling.  So the default small font worked for me. Emoticons looked the same.
  • Chat history on the mobile device is great.  When you jump into a chat it pulls the previous bit of history.  That is very cool
  • The icon for the 7200 series is just a big blue square.  However, on the 8703 it shows as the familiar Sametime icon, even if it was a bit larger than the other desktop icons.
  • Port 80 access for tunneling seems to work as Gerco reported, we went for the default 8082 to test.
  • The ability to flip between multiple open chats and the buddylist is nice.
  • N-Way chats are very cool and interesting.
  • Get ready for the standard blue and black text
  • Get used to the option in the click menu.  I thought would back me out until I realized it did close Sametime instead of the window I thought I was in.   is at the bottom of the scroll list instead of towards the top
  • I didn't test Quick Find yet, will do when more are online with the new client
  • Alert Me should be fun to play with.  I wonder if it carries over into the client too, or just the mobile device.

    for this posting

    On Wednesday, November 1st, 2006   by Chris Miller        

Quick Tips for going live with Sametime 7.5 mobile on Blackberry

So the test server went to CF1 as Carl and I pointed out yesterday.  So today I went through the download and install of Sametime 7.5 mobile.  The server side was fairly painless.  Went quick, found the Domino install and had only 3 clicks.

Now then, the rest is where I sat silly for a moment but then it all made sense.  You must manually add Fallback MIME types to the httpd.cnf file in order for it to see the .jad file that is needed for the RIM installs.  I was hitting the server with the browser before I realized this was a step to perform.  A quick restart of HTTP and you are off.

They also suggest you create an easy to remember web redirect for users.  I will do that later after testing.  The code then did an OTA install fast and I launched the client direct from there to the server.  It uses port 8082 so make sure firewalls are ready for that.  I tried hitting another Sametime 7.5 server without CF1 on it and the connection failed every time no matter what port or connection type I selected.  So the fixpack install is required for this to work right.

One other thing, you should go into the new Configuration-Sametime Mobile and set a couple default fields to make it easier for your user once they load the client.  Sort of like creating a pre-populated sametime.ini for the device.

So the device list for now looks like this:
  • Microsoft Windows Mobile 5 and 2003 SE
  • Nokia Eseries
  • RIM Blackberry 7100/8700 Series

    for this posting

    On Tuesday, October 31st, 2006   by Chris Miller        

Sametime 7.5 CF1 out, so to follow onto Carl’s postings..

Carl went crazy with a string of posts today on Sametime 7.5 CF1.  There was one minor discussion about utilizing the Eclipse framework to push out this change.  Brett van Gelder points out before I could even get to typing that Lotus did not package the update this way.  I imagine most of you do not have a site.xml in place for beginners to handle the updating.

From there the clients are not set to properly retrieve incremental releases from a central site.  Forgiving all of the config areas on our part, the package that came from Lotus also uses forces an alternate directory for installation (Carl makes a good point in the comments on why they may have made this change) and was not wrapped with the proper feature and manifest files to move into the site.xml for automatic distribution.  However, this screws with plug-ins it seems.  We have found no documentation around this in the readme yet.

I thought that was one of the points, but I am not sure when we can expect this to be available.  I would love to grab a fix from Lotus, update the site.xml section appropriately and let it fly so everyone gets the prompt that the updates are installed and do you wish to restart the Sametime Connect client now, or in 5 minutes as the documentation around it showed as an example.
    for this posting

    On Monday, October 30th, 2006   by Chris Miller        

Real-Time Collaboration and Mobility Seminar - Chicago Day 1 final

After presenting the session on the RTC Gateway, the response was stunned looks.  Enterprises represented still have concerns over the business case that would have them opening and connecting to public providers.  Security is always a concern and that issue was raised as there is no known (to me) message handler writers currently for SPIM and anti-viruses that are ready for the gateway.  The ability to have your corporate name shown to other enterprises through the clearinghouse and to the public side opens need for an IM Policy to be written to cover what should be transferred and how you represent yourself. You can restrict who can access which channel (provider) but the actions of that person now directly reflect your organization. No more hiding behind screen names.

I have more to say on this topic but I am thinking of a series or podcast.  Any takers on comments/interview of your thoughts in a podcast?

Dinner the first night was Wildfire, a pretty good local chain.  Apparently they are expanding to other cities like Atlanta shortly.  Besides the snowshowers that hit tonight, dinner was split among people trying to go to different places.  We ended up at Momotaro, a Japanese restaurant for some sushi.
    for this posting

    On Monday, October 23rd, 2006   by Chris Miller        

Moving from SIP Gateway to the new Real-Time Collaboration Gateway (RTC)

For those of you that are currently running a SIP gateway and want to prepare to move to the RTC, a technote gives the first indication of what is to come.
The Real-Time Collaboration Gateway is an extensible platform built on WebSphere® Application Server, and allows various real-time collaboration communities such as IBM Lotus Sametime and public instant messaging (IM) services to share presence and exchange text-based instant messages with each other. The Real-Time Collaboration Gateway receives messages from one or more communities, checks their legitimacy, translates them if necessary, and forwards them to their destination.

So you will need another piece of hardware to replace the current Sametime SIP gateway, or just reuse the one you have with an outage.  Keep in mind the outage could be a couple days as you provision with AOL to get connected directly.  DNS and domain management will be a key to you deploying the RTC Gateway successfully.
    for this posting

    On Thursday, October 12th, 2006   by Chris Miller        

Steve Castledine talks about stats for the blog template in 7.0.2

I can't say how important this information is when running a blog for a long period of time.  The blog database can get huge with all this information in it.  Long ago I swapped out my stats to make local replication and size easier.

All the blogs I host on DominoBlog I have pushed toward this configuration when they first went live or we found out this trick from Steve.  I would say almost 3 years ago.

I see they did blue-wash the template and trim it down (I still use a whole database from the DominoBlog 3.0.2 template for my stats database).  From there you can create your own reports or just use the views that were provided.  Apparently there is a document refresh that needs to take place when converting over, which for me will take quite some time.  I am thinking about just archiving out the old one and using the new stat database.  Makes more sense in a way.
    for this posting

    On Friday, October 6th, 2006   by Chris Miller        

Creating the Admin pack for Nomad

There has been talk out there of how to do Nomad for installations and some tips on using Admin.  I took this a bit further a few months ago when playing with Nomad over the versions/fixes.  Admin.exe was an easy part to rectify, after you remembered you needed some ntf files (events4, domadmin) to make it happy.  But let's add in more of the fun tools and you get a real client you can take around:

Remote Server Setup
Java Console
Notes Peek
Notes Ping


Now I cannot go and give away all the little secrets, but you get a great headstart here.

Do not try and install Nomad straight from the downloadable code, you must unpack it first.  I am hearing rumblings of those trying to install with the flags right from the exe file, which does nothing but install onto your local machine.  I quite image that Susan Bulloch will have many more comments on that thought.
    for this posting

    On Wednesday, October 4th, 2006   by Chris Miller        

The IBM Support Toolbar

While those of us in Firefox land apparently have to wait (it is under development), IBM now has the Support Toolbar for the brands to integrate into your browser.  Amazingly, Firefox extensions come out in the world like running water, so hopefully you don't have to wait long.

It might have come out a while ago, but I just ran across it.  You can even look down into specific brands, like Lotus to search only those site areas.  That is the key thing.

Image:The IBM Support Toolbar
    for this posting

    On Tuesday, October 3rd, 2006   by Chris Miller        

Collaboration University Day 2 and Announcements on Wiliki and Quickplace 8.0

Image:Collaboration University Day 2 and Announcements on Wiliki and Quickplace 8.0
Hawaiian for "Engineer" made to be a set of blog and wiki templates in Quickplace. You can deploy it now on current versions and it is open source based on Ajax and Web 2.0 capabilities.  It can be packaged as a PlaceType for all or used individually.  The RSS and Atom feeds will be awesome.

Quickplace 7.0 and beyond through 8.0
There will be a fixpack for QP 7 that will contain some new features before we move into 8.0

Quickplace 8.0 will have numerous enhancements launched around the time of Domino 8.0
  • Simple (if not almost automated) upgrade from version 7 to 8
  • The features above from Wiliki are listed as native in 8.0 of Quickplace
  • Better integration into Lotus and Microsoft
    • editing of QP content directly within Microsoft
    • Access QP from directly within Notes and Hannover
    • ODF support with integration from the IBM Productivity Tools
    • A Place Superuser access role
    • Better administrative reporting and dashboard control
    • Access content from within Sametime 7.5 chat , meeting or buddylist.  WOW
      • Transfer files from within QP right through Sametime
      • A Quickplace shelf (plug-in) for ST with even more capabilities in the screenshots
      • Subscriptions to key data like calendar, folders, what's new
      • My Places would move into folders in the inbox of your mailfile
        • Drag a mail thread right into Quickplace
        • Future mails in this thread get automatically pushed
        • A Quickplace Dashboard (we have to meet the Web 2.0 acronyms)
        • UI right click actions sensitive to users rights in the QP and context of usage

        Quickplace Next has even more changes in mind towards the second half of 2007
        • Backup and restore Team Spaces
        • Offline access with the rich client - Hannover
        • Desktop integration - Office and Windows Explorer
        • Solid document management capabilities
        • New blog and Feed Reader ability

        So how does that sum up announcements at Day 2?

    for this posting

    On Thursday, September 14th, 2006   by Chris Miller        

Browser Cache Control in full effect

We updated the DWA control settings for some more security and laid them out in the server config.  It works quite well playing around with the different settings.  I suggest leaving the actual controls on the machine for faster loading but removing all data traces.  We saw a significant difference in performance waiting for the controls all the time over and over.  it got old very fast.  Here is a screenshot of the control pop-up for the users when installed for the first time.
    for this posting

    On Monday, September 11th, 2006   by Chris Miller        

Sametime 7.5 tip.. don’t have IE loaded? You better

It is well documented but you need to be aware of this fact, mainly with Linux machines.
The Sametime Connect 7.5 client does not support configurations where the only browser installed on the machine is Firefox.  This may be, for example, a Windows machine where Internet Explorer has been uninstalled, or a Linux machine where only Firefox is installed.

Otherwise certain features do not work, like chat
    for this posting

    On Friday, September 8th, 2006   by Chris Miller        

How will you use RSS in 7.0.2 for your users? I think I am starting to get it

As I read more about IE7 I thought about how far ahead Lotus was once again.  So what my new browser can read RSS.  I have had applications doing that for years now.  Where is the workflow and manipulation of data once I get it in there?

With so much information overflow, I see the path Mike Rhodin has talked about.  While I do not agree with dogears and some of the mash-up talk just yet, the consolidation and compilation of all the data I want can now be sent from and into Notes databases easier than ever.

How much time do we spend trying to keep clients gathering feeds all to ourselves?  How does that benefit our business partners, customers and even friends?  It doesn't when only you see Bloglines, your Feed Demon or Atom application.

Right now we all fight over what is important to us by subscribing to RSS feeds individually and hoping the content continues to give us what our minds find interesting.  But, I have to get links from others to find new content I never subscribed to.  In a portal or enterprise scenario I can reach everyone with what is important to the company and then let them see what is important to each other by rankings and how often topics are reviewed.

Who has the first workflow driven, tracking and mashed together RSS database built?
    for this posting

    On Thursday, August 31st, 2006   by Chris Miller        

Interesting quote in a company’s claim of migrating Notes to Exchange

I found an article about a product set that assist in migrating Notes mailboxes to Exchange.  The lines that stuck out were as follows:
"We seeing larger customers moving to Exchange," says Ron Robbins, product manager for Exchange migration solutions at Quest. "we are seeing 20,000 to 50,000 user accounts moving over..."

Quest, which says it has migrated more than a million Notes mailboxes to date, ...

Where the heck are all these users?

There is a podcast you must listen to, for at least the first minute, that they put on the right side.  The podcast's first question that asks why people are moving.  Ron, quoted above,  actually states that there is confusion around whether Notes will be around and the move to Workplace Messaging replacing Notes.  Of course, the interviewer and Ron are both Quest employees.  The statement that there is more mobile options on Exchange and greater reliability had us laughing in the office.  Oh please go listen and laugh along.  Then taunt them with me.

Continue Reading here" Interesting quote in a company's claim of migrating Notes to Exchange" »
    for this posting

    On Wednesday, August 30th, 2006   by Chris Miller        

Are you @Live with Sametime 7.5 yet?

Well a funny thing resurfaced in the world of Internet shortcuts.  People are getting into the habit of using the '@' symbol for the word 'at' more often, instead of just in email addresses.  Like:

'Meet me @ 5'
'I will be @ the office'

But, I found that when I went home last night with the new Sametime 7.5 Connect client, I said @Home in my Location when prompted.  Unfortunately it blanked out the Location field from showing.  If I simply removed the @ symbol,, it all came back.  Bizarre and from reading it was deferred to a later fix.

On the positive side, the location setting is great and makes finding how to contact and where people are a great thing.  It works well so far for our sales team that upgraded right away and some of our people at customer sites.  Good stuff there.
    for this posting

    On Thursday, August 24th, 2006   by Chris Miller        

My Friday’s posting on Sametime 7.5 got some email and responses

People were questioning what I was hinting at.  Well since I see 7.5 coming out the door in official launches and such soon, I should explain there is room to grow in the management and some things deferred till later that would be awesome now.

Sean Harris points me to
Chris Pepin's posting with the pdf from Lotusphere on the scalability of the IBM Sametime environment.  Taking a screenshot from there, how many of you could get your enterprise to offer a server farm like this (of course scale to your size of employees) ?

Picture multiple MUX servers with Community Sametime servers sitting behind that.  A world of possibilities yes.  But my posting was not about the server side as much as the client.  

Image:My Friday’s posting on Sametime 7.5 got some email and responses

My comments revolved around how fast it jumped out of of beta even after a beta call just days before, not the scalability of the product. That is to be determined at a later date as usual.  I personally think (since this is a personal blog) that I was anticipating another beta drop or longer cycle to clear some of the items to get built in or fixed for the product.

The server core stays the same in 7.5 with a few added things and UI for web meetings.  Most of the work is in the awesome Connect client.  However, there is still management things to be done with this amount of capabilities.
    for this posting

    On Tuesday, August 22nd, 2006   by Chris Miller        

SNTT: SMTP and SSL on port 465 (and the Lotus boo boo it seems)

So here is the issue.  You wish to do SSL for SMTP.  Looking at Domino you see that it is disabled by default for both inbound and outbound SSL over port 465.

However, we could not get anything to connect from outside out network to a server that was offering SSL for SMTP after being enabled.  We had both Anonymous and Name & Password set to 'Yes" also.
Image:SNTT: SMTP and SSL on port 465 (and the Lotus boo boo it seems)

After searching the firewall logs we found that connections were never getting to the firewall in the first place.  So we went farther back to the edge routers.  What we found was that the port 465 packets were getting dropped for some reason.  After some digging by our network team we found this lovely bit of information.  Basically Domino still uses port 465 for SSL over SMTP.  This port was assigned and picked up by Cisco URD (URL Rendezvous Directory for SSM) after the V3 SSL standard was drafted 10 years ago.  The port never made it out of Reserved (pending) with IANA according to what I could find on the Internet.

So the recommended approach is to start communications with a START TLS encryption instead of move your SMTP SSL port somewhere else.  While it might work over port 465, there is no guarantee is Cisco routers are somewhere in the middle of the communication.
  • References: /products_configuration_guide_chapter09186a00800ca795.html

    for this posting

    On Thursday, August 17th, 2006   by Chris Miller        

This Domino Administrator tool came in handy today

One more of those tools you never think you will need.  Found under :

 Server-Analysis-Analyze-Find Server

Image:This Domino Administrator tool came in handy today
    for this posting

    On Tuesday, August 15th, 2006   by Chris Miller        

Sametime 7.5 Connect and memory usage

I have had a couple requests on memory usage with the Sametime 7.5 Connect client.  How much does it take? What are the minimum requirements on the PC? Etc..

Keep in mind these numbers are represented by the latest beta code and might still have debug left, yada yada.  You know the drill..

Well here is what I have found for the standard user on Windows XP:
  • When first launched and opened it was eating ~32MB
  • When minimized to status bar with the minimize button and not the 'X' it drops to a nice low ~2-3MB
  • When reopened to the screen it was ~12mb
  • When a text chat comes in it jumps to ~42MB and then settles back into ~35-37MB
  • When closed with the 'X' to the status bar it stays at ~34MB
  • When a chat is open but the buddylist is sent to the status bar with the minimize it ran about ~10-13B
  • When a chat is being typed in with the buddylist minimized it ran about ~17MB
  • A voice chat kept the system at ~38MB plus another sametime.exe at ~2MB
  • Chat History ate up about the same memory as when you have the client opened
  • Instant Meetings didn't change the client memory just added the browser usage as expected

So take that how you wish, but that is what the basics are for now
    for this posting

    On Monday, August 14th, 2006   by Chris Miller        

I must apologize and amend my earlier today Sametime 7.5 posting. I found it in the new beta stream!

(NOTE: Adam G hit my posting as a response before I could retype this one showing the same thing, yes they fixed it!  Thanks for the example Adam)

Apparently somewhere along the way they fixed the issue from what I posted right below.  In the recent beta you can go into preferences for the community and change icons.  That always worked.  Then under Contact List Window you select (which the UI changed from earlier) to show the community icon for each person with some percentage of transparency and viola!!

Now we have to see if that is true for the RTC stuff.  I know there is some hidden AOL icons in some jar files, so I bet it will exist somehow.  Crossing fingers...  (this is looking like Trillian in the main buddylist window now) Prey for tabbed chats.

    for this posting

    On Thursday, August 10th, 2006   by Chris Miller        

Customizing Sametime 7.5 so far and a small rant

I went ahead and loaded the SDK and Eclipse dev platform to see how hard some plug-in manipulation would be for the average non-developer user.  Let's say it is not pretty.  While I was able to follow the steps in the pdf file to get it started fairly well, from there it gets blurry.  I will update more on that part later.  Now..

So I went into simpler items such as adding community icons to my client and trying to replace the darned greyman group.  If you have not seen it yet, when a users does not have a picture available, it shows a nice grey head of a person as a placeholder.  I was able to track down that .png image in the .jar files and replaced it with a company logo.  Turned out quite nice actually

The specs:
  • Image_Placeholder better known as Greyman Group is 37x37 pixels
  • Community icons are 16x16 and only affect the community icon at the top of the buddylist window, not anyone associated with it.

Here are some new icons I added for the communities for more color selection.  Orange, "Yellow is the new black" and green.

Go away, nothing to see here, it has been fixed, see newer posting above this one.....
< rant >The community icon should apply to each person you add in my eyes.  That really bites as it would be nice (like other clients, *cough* Trillian) to tell which community a person came from.  Then you can cross match groups by task, team or whatever and see where they are linked to.< / rant >

    for this posting

    On Thursday, August 10th, 2006   by Chris Miller        

Sametime 7.5 and migrating privacy data utility required

Upon reading the Release Notes for the current build of Sametime 7.5,  I came across a good thing to know for all administrators that have current Sametime environments.  If anyone has utilized the function of "Who can see me" in their previous Connect client, there is a utility that must be run after upgrading to covert these over to the new Privacy functions.  If not, they won't function the same.  They added some new capabilities and you can see that in how they note in the Connect client preferences that certain things are for 7.5 servers and users only.

There was a technote references under #1242317 for "Migrating privacy data after upgrading to Sametime 7.5."  Unfortunately this is being held.

I found the UpgradeBLUtil.jar on the server but I am not sure what flags or whatever to run so I am holding off testing it for now.  Let me see if I can get some info.
    for this posting

    On Wednesday, August 9th, 2006   by Chris Miller        

Sametime 7.5 and the RTC Gateway

I have been interested in this since it was announced at Lotusphere just over 6 months ago.  But it seems that the Real-time Collaboration Gateway will not see light of day when Sametime 7.5 first ships.  I have not heard a peep about beta of this portion of the product and out perusing the blogs I came across Adam G's posting on how the Mac will not make it into the first GA release either.

I would love to see this ship sooner or even start playing around with it.  I have companies asking about this ability since it will allow a more controlled chat environment with the rest of the world.  Now the gateway will use SIP to hit the outside products (Yahoo, G-talk and AIM) which the native protocol will take care of Sametime to Sametime connectivity.  I can see a bunch of connectors (including one for Sametime to Sametime communities) you can install or turn on and off to control which outside chat vendors your people speak to.  Or maybe this will move into policy control also.
    for this posting

    On Monday, August 7th, 2006   by Chris Miller        

A sturdy U3 USB drive, Titanium anyone run over by a Honda?

    for this posting

    On Monday, August 7th, 2006   by Chris Miller        

Playing with an interesting install twist with Sametime 7.5

With the move to the Eclipse based installation for the Connect client in 7.5, even though it is quite the memory muncher at this point, I thought this would finally be the perfect way to get the full Sametime client onto the U3 USB key, just like Nomad.  Currently some things are still written to the Windows registry, even though beta 2 was a fully independent and just ran from a simple directory.  I wish it had stayed that way.

So pointing the chat transcript folder to the USB drive doesn't always work either as the drive letter might change each time you plug the device in.  A native directory path to the Sametime folder would be nice however.  Or just turn it off for that instance of the Connect client is my next thought.

Sorry for the rambling thoughts on getting certain features working, but I am really trying to make sure this works on the USB now.
    for this posting

    On Thursday, August 3rd, 2006   by Chris Miller        

Promised update on Notes on Linux installs

On Jul 24, I promised to update you on our Notes on Linux installs.  Well I can make it simple since Chris W did such a fine job of drawing it all out.

You need just over a GB of temp space to get it installed, no matter what it tells you.  If you do not have enough, we got to see it actually install just the Workplace components and note the Notes part.  That made for an interesting desktop.

No documentation the Linux guys found showed how to go back and install just the Notes part, so the uninstalled and started over.

However, I must say that they are extremely happy at this point and gave it good reviews so far.  All this on Red Hat 4 I believe.
    for this posting

    On Friday, July 28th, 2006   by Chris Miller        

Workplace Services Express 2.6 base install overview

We had a customer request this for testing purposes on their test server so we wiped the and reinstalled the OS.  We went with Windows 2000 since it is a test box to save some 2003 licenses.

  • You need 4 files (or the cd's).  You can get the part numbers on-line but it is almost 3GB worth to download
  • Put them all in a single directory and unpack them there.  It will create all the necessary folders and structure if you keep using the same exact path for each unpack.  This in turn makes another 3GB of unpacked files on the server too

  • There is a file called launchpad.exe that brings up some Java and a GUI.  Unfortunately that damn thing would never come up, ate CPU like a Survivor winner and hung with an ugly grey box
  • I opened the install guide and went with the command line install instead
  • The old 2.5 version seemed to honestly take between 30-45 minutes
  • This one was the following:
    • Started GUI at 9:22am
    • Switched to command line at 9:26am
    • Started install at 9:27am
    • Install completed at 11:40am

    So that means it took 2 hours as compared to the previous 30-45 minutes.

    With that being said, it still worked fine and installed flawlessly past that point.  The page loads are always horrendously slow the first time.  This was no exception and the install guide even tells you to do so.

    for this posting

    On Thursday, July 27th, 2006   by Chris Miller        

WebMessenger loaded on Blackberry for Skype

That is what the Skype looks like on the Blackberry.  Not bad.  Uses SkypeOut to make the calls and runs as a plug-in for the desktop Skype for the free version.  A good compromise in some ways.  Sucks in others.  The documentation was a bit misleading on how to get it configured, plus it gave 2 icons on the Blackberry with no reason what the difference was.

  Also, the Skype id was to be used locally on the Blackberry (one would think) but in turn, you have some weird id name you enter into the WebMessenger plug-in that links the two together.  Keep that in mind if you download this freeware portion.  Just a step that you have to mix the guide and online help in figuring out.

Next up is the Sametime integration.  I already had Skype for the U3 working successfully, this is a nice addition so far.
    for this posting

    On Tuesday, July 25th, 2006   by Chris Miller        

Sametime, Skype, Blackberry and WebMessenger

Talk about a mix.  I came across an article found here that then linked to WebMessenger.  Now I had seen this product when we started doing Blackberry rollouts for customers (and ourselves) but never investigated further.  I found the first part interesting in how the company states that their mobile client is used by IBM.  I never have seen anyone mention it from IBM or seen it in action.  I am curious to see how that would function as an extension to our Sametime environments.

Next, Naylor says, WebMessenger will be expanding beyond Skype. "We have SIP compatibility as well, and so we're going to be rolling out similar capabilities for various SIP-enabled networks and telephony systems," he says.  "On the enterprise side, we're close partners with IBM - in fact, they deploy our mobile client internally as the extension to Lotus Sametime on the desktop."

But this is the part I really enjoyed.  Grabbing connectivity to other SIP providers for integrated click-to-call and conferencing.
The release of Lotus Sametime 7.5 this fall, Naylor says, will add a full set of voice capabilities. "They'll have click-to-call and Web conferencing, all tied into various telephony systems from Avaya, Siemens, Nortel, and so forth - and all of those are SIP-compliant systems as well, so we can provide that same capability out to the mobile device for them," he says.

I grabbed the Sametime integration for WebMessenger and will play with that and the Skype part on the Blackberry.  Here comes the review.

    for this posting

    On Tuesday, July 25th, 2006   by Chris Miller        

E-passports based on RFID: What do you think? (for the travelers)

I got this link and read the article on CNN.  They are stating that they will be a standard in US Passports by this August and will contain much of the information about you in a simple RFID tag.  Now, I personally like the future of RFID technology and think it has numerous offerings that will make business processes easier.

However, having all my personal information available for scanning from some short distance could leave you open for more than just identity theft.  How about identifying people by country as they walked by?  The idea of having the technology is to speed immigration and cut down on human entry errors.  I do not believe that it will prevent any type of false documentation.  Just take it to the next level of sophistication.  Now will this chip only contain a serial number that relates back to some database that stores all the information?  That would be a bit better.  But I canot find what is included on the tag at this point documented anywhere.

Now for the kicker.  Let's say the first run of these have a glaring security hole.  US Passports are good for ten years for adults from date of issue.  How do you recall and remake the ones with open RFID?  Operating System makers have enough issues with it and they have more automated ways of deployment.  Now we have to count on ourselves to send it back in?

So what do you think?
    for this posting

    On Friday, July 21st, 2006   by Chris Miller        

A new DDM file to explore

As I go deeper and deeper into DDM for the Admin2006 conferences and ND7 Upgrade Seminars, I am finding a lot more things they tossed into DDM.  The configurations and options are getting pretty large.

If you cannot monitor and generate some type of alert or notification for some type of event, you haven't looked hard enough.  Ok, there is one, no disk space monitoring on AIX.

So today I discover and play with DDMdiravail.dat file.  This shows a list of polled servers, port number and rep ID for directories you are checking for availability.  It looks something like this:


ACME|cn=server1/o=Christest|1352|dircat.nsf| |(1234567D:002E1F0D)|1

ACME|cn=server1/o=Christest|1352|names.nsf| 123456:0046A2EA|(123456D:005C7DC2)|1

So you get the domain, server/organization, port, filename, rep ID and then if enabled or not.  So witha  bit of manipulation, you can understand what is being checked on what port and enablement of the directory for DDM scanning.

    for this posting

    On Thursday, July 20th, 2006   by Chris Miller        

AIM Pro enters the market, and damn, that was impressive.. review and small screenshots

First of all, there are no ads, it is free and offers the normal chat, video and audio.  What is better about the Pro version is the integration with Webex, tabbed chats (with another neat feature below) and the Outlook and Office integration.

As soon as it fired up it prompted for my DAMO hook I had installed.  Which then is able to grab my calendar.

Image:AIM Pro enters the market, and damn, that was impressive..  review and small screenshots

I jumped into a chat with Carl Tyler (who was on Trillian at the time) and we did the normal testing to see what works and what doesn't when not using the same client.  I switched to "Share my Screen" and since he was not running AIM Pro, it offered him a URL that was all Webex technology behind the scenes.  And it was lightening fast.  Highlighting, text, annotations.  The whole idea of screen sharing.

Image:AIM Pro enters the market, and damn, that was impressive..  review and small screenshots

Tabbed browsing worked very well and even notified you in the left pane of how many unread lines I had per chat on other tabs.  We couldn't do audio and video as this was a test machine, so I will load this and try again.  File sharing offered an inbound and outbound window to show multiple transfers.  Firewalls were no issue in testing so far.

Quick contacts was a cool feature.  Add by email address or name in a drag and drop or selection box.  Since I had the DAMO loaded, it grabbed our Domino Directory also.  Encryption was built in to all the chat sessions.

What I didn't like was there was no install path selection available, it chose it's own.  Plus, there were some things in the EULA that got announced it was installing I was not sure about.  I am investigating those.  It also used some hefty memory but I was trying everything.  Still smaller than the recent Sametime 7.5 betas unfortunately.

Go and take a look.  Once all the federations are complete, you could have a powerful free client to choose from for chat and meeting services.
    for this posting

    On Wednesday, July 19th, 2006   by Chris Miller        

Completed ’training’ for Advanced Admin for Blackberry for Domino and Exchange

We are starting to host more and more Blackberry so we imagined it would be best to have the official class from RIM to make sure we haven't missed anything.  Well, it seems we haven't missed much.  There was a few tips and tricks we picked up.  But, having done so much of it now, we had a good grasp.

The diagrams of the internal flow were very nice to have and reference though.  Those were a huge help.  The instructor knew his stuff and only put off a couple questions he needed answers for.  Most were specific to things we were trying to do but fall outside the normal scope.

Now, I have had talks with the product managers at RIM at conferences and follow-ups.  They are still missing the boat on a couple things with true scalability and deployment in a large hosting environment.  Recently, RIM announced a hosting package but it was not well defined and the instructor had no knowledge.  From all of my readings it still lacks some true scalability features we require.  True clustering and failover are not there and policies need some more granularity and inheritance control.

But send us your hosting needs for Blackberry, that area is growing quite rapidly
    for this posting

    On Wednesday, July 19th, 2006   by Chris Miller        

Convergence on IM and email - following Ed’s posting linking to Scott that didn’t allow comments

First, this is one issue with blogging.  Not everyone allows trackbacks or comments and your own comments sometimes get lost in huge threads of others.  I prefer to rant on my own blog to solicit feedback and reach readers the other bloggers may not.  So read this whole ramble as it jumps around.

Ok, Scott brings up an interesting point about IM becoming email without some of the functionality of archiving and foldering wrapped around it.  I say this all depends on how you look at it.  With the ability to save chat logs by date or who the conversation was with, that is a form.  Add in some indexing ability and you have searching right away.  Whether or not a central server is in the mix is no matter (as Scott points out that is more a store and forward mechanism).  But without that store and forward, things like Yahoo would be less functional to get messages from when you were offline.

Now, it would be great is Yahoo would see that and convert that to an email that has some intelligence wrapped around it to know you prefer to be notified in some manner.  That leads to mobile IM capabilities across numerous devices.  Blackberry can log into all the messenger services, including Sametime.  Windows Mobile devices can log into everything.  So there is no real time you have to be offline if you desire.  I almost forgot.  Go here to see a nice layout of what different packages can do acorss platforms.  You have to scroll the whole page but a nice layout that someone spent time doing.

Scott goes on to mention email will soon die off with IM being the form.  I tend to think the convergence of the two will be seamless, with the capabilities of both being integrated.  Spam is already present in IM and will only grow as devices hook into it.

IM is replacing email for the younger groups because of the ease of usage and communication, the sense of relationship it brings and the integration into many facets of their daily lives.  IM is now used as a selling point of cell phone abilities and chat takes the place of what kids did with the phone years ago.  Then there was the ability to have 3-way calls on phones.  Now there is n-way chats.  It grows.

So go back to Ed's thread to read the tossing of ideas there in asynchronous mode
    for this posting

    On Monday, July 17th, 2006   by Chris Miller        

Beware of one thing with the BlackBerry 4.1 Express for Domino (the 10 free licenses)

We had a few hosted enterprises take advantage of this offer and get Blackberries.  One such company has liked it so much they wanted to take a previous paid 20 license they had and apply it to the server.  Unfortunately, the Express server will not go beyond 15 with an upgrade key that cost in the low thousands to allow you to unlock the Express so you can make it Enterprise.

Now the option was to remove the users, take the server down and then use the 20 enterprise keys.  However, that would have meant redoing the users which was not an option.  Luckily, the customer saw the humor in this and also knew that buying the upgrade gave them 30 licenses for a lower cost (since there was some free in there) and the ability to then add license keys as necessary.

Just a forewarning.
    for this posting

    On Friday, July 14th, 2006   by Chris Miller        

NOMAD and such things like security, manageability

Declan beat me to a general overview.  I suffer from not enough time and the lack of ability to talk about this beta some time ago.

Yes you can make Designer, Admin and a bunch of other things work.  Lotus will not support these, but I am using Java Console, Server.Load and slew of others successfully for some time.

But, security on Nomad fits the same security you would offer for any portable device, including a laptop.
  • Password security for the USB.  Not the top of the line security measure, but a welcome alternative.  Laptops have them, everyone seems to overlook that part
  • Biometric security.  This happens to be stronger than most laptops.  The data sits in an encrypted data partition until you provide a finger scan
  • Make sure you have Domino policies in effect that force encryption of all local replicas. How much data do you really plan on storing on these smaller drives?  Let's be realistic here.  Some people think they will be carrying a ton of data.  The idea of Nomad is portable access to important info and then the ability to connect at any machine.  With multi-GB mailfiles, not including the base install and simple things like address books, bookmarks and directories, it is a bit.  You can assist by stripping out unnecessary templates
  • U3 support will not be coming from Lotus direct.  Look for that from 'other' sources though.  If you are unfamiliar with U3 on USB, look it up right here
  • As was mentioned, don't worry about VPN connectivity.  You can load VPN files just fine on a USB and make it work.  This gives you more than portability.
  • Lost USB keys.  If you can get the password quality higher, remove unnecessary templates and data and encrypt everything, like you should, then you can lower your exposure

I saw a comment on Ed's or Declan's blog about manageability.
  • Smartupgrades will be an issue.  I do not see it feasible to have users send in USB keys and go without.  Some work needs to be performed here.
  • User id management will remain the same.  It is a Notes client for gosh sakes!  If you can rename, recertify or lock out users in Notes, then no worry here
  • Loading time for the initial install can take a little longer than you desire.  But that is a cost you pay for that one time part of the work.
  • **** Ed had a comment on his blog about turning this ability off.  Well no you cannot turn it off, it is a Notes client with the same code.  I see no identifier that shows it is Nomad versus the full Notes 7.0.2 client
  • Ben Rose wants to see it work at airport kiosks that still have USB ports enabled.  It should as my basic testing as a non-admin user launched fine as long as USB support was there.  I did not attempt on a fully restricted and locked down UI, but that is next

    for this posting

    On Thursday, July 13th, 2006   by Chris Miller        

So yesterday’s post on Exchange scripting prompted a response..

You can read it right here, of course.  But it included a link to another script that was written to gather storage space utilized in an organization.  Now, to get that it had to scour the Active Directory looking for specific ObjectCategory attributes.  It then manipulates, moves around gives a nice hierarchy.

Don't get me wrong, the coding is good and I appreciate the time he is spending offering free code for the Exchange admins.  Heck, we have hosted customers on Exchange.  My only point was that it should be native to the product.

Like opening the Domino Directory, seeing all the nice servers and connecting to the files tab in the Notes Admin client to get disk usage.  Heck, even select just the mail folder and see that count.  Yes you could automate that more, or *GASP* use stats to gather it automatically for you like I mention using the same thing in my last posting.
    for this posting

    On Wednesday, July 12th, 2006   by Chris Miller        

How easy is it to monitor and be alerted of freespace on a Domino server? let’s compare to Exchange with no tools purchased

I got a laugh out of this posting I ran across.  In Domino, open Events4 and make a probe to watch some disk drive for some percentage or amount of freespace.  If it dips below, then fire me an email.

In Exchange I saw someone doing this..:
I came into a situation where there are several Exchange servers without any monitoring. While software is procured, I created the following script to do some basic monitoring of Exchange services and disk space (to make sure circular logging doesn't kill the server). I have the script running as a scheduled task every 15 minutes. The script will create a log file every time it runs. If one of the thresholds is reached, an email is sent

Note the comment about having to buy software and then go look at the script. Hooray for text logs?
    for this posting

    On Tuesday, July 11th, 2006   by Chris Miller        

Announcement: Collaboration University

Have you ever wanted to drop the sales hype and see a strictly technical conference on Sametime and Quickplace? This now exists at Collaboration University brought to you by a collaboration between some Lotus Business Partners and IBM.  I am one of those partners participating and presenting at this conference of awesome speakers and knowledge (no I am not talking about myself)

Block your calendars of now to attend in either the United States (Kansas City means cheap domestic flights) or London.  Both dates are in September.

Here are some of the highlights of the conference:
  • Deep-dive into Sametime 7.5 and preview Quickplace 8.0
  • Programming code examples
  • More challenging as the conference progresses.  Meaning apply what you just learned and grow your knowledge, not jump in too far at first
  • All the sessions are from Business Partners that specialize in these products or the IBM persons responsible for bringing them to you

Now here are the bonuses:
  • Dinner with the speakers for some of the first that select that option. (See the site for details)
  • Phone follow-up consultation with the expert of your choice from the conference (See the site for details)

Check out the site to gather all the information, including early-bird discounts.

Image:Announcement:  Collaboration University

    for this posting

    On Monday, July 10th, 2006   by Chris Miller        

School spends thousands searching Lotus Notes for past emails (someone explain this to me)

I was reading this article, make sure you read it all to get the effect.  Here is the excerpt that confuses me (bolds are mine):
Despite expectations that it would take only days to retrieve student reassignment e-mail, Wake school officials needed 15 weeks and spent almost $17,000 in response to a public records request from The News & Observer.

But it was apparent by Feb. 14 that the district's information technology staff did not have the ability to easily search past e-mail.

Wake's e-mail system -- called Lotus Notes -- was installed last year, said Vass Johnson, director of network systems. Officials felt the system could handle a large public records request, but this was its first big test.

Staff members soon found they had to do much of the time-consuming work themselves, such as writing computer scripts that reconstructed databases and searched for specific e-mail.

Someone needs to tell them that they could have had journaling turned on, multi-database searching or whatever instead of all this wasted time and script writing.  Life can be much simpler.
    for this posting

    On Thursday, July 6th, 2006   by Chris Miller        

Here is something new in 7.0.2 I read about..

I thought this deserved some attention from us that run environments where users cannot stop copying people from the main NAB into their person address book and then complain when routing stops working after we do a name change
Mail, Calendar, and Scheduling improvements
Performance improvements made to the Mail, Calendar, and Scheduling functions include:
  • The "typeahead" feature now looks into the server address book first, instead of the user's personal address book

    for this posting

    On Thursday, July 6th, 2006   by Chris Miller        

You couldn’t ask for better timing, more on Exchange 12 (2007)

I had my posting a couple days ago on the 64-bit architecture stance of MS for the new Exchange.  NetworkWorld was kind enough to toss a front page story on the upgrade pains that are to come for those shops also:
Users will face new clustering limitations and will have to eliminate all Exchange 5.5 servers from their environments.  In addition, they will not be able to do any in-place upgrades between Exchange 2000/2003 and Exchange 2007.

.....major changes include a new role-based architecture that could require users to roll out as many as five types of Exchange servers.... The current versions gives two deployment options...

So let me get this right?  Your clustering gets worse and I can't even have old versions around? Oh yeah, and don't plan on overlaying that code, let's get that new hardware.  If you are large scale, plan on revisiting clustering and adding a bunch of servers to handle the roles.  While they could run on fewer machines, that is not likely for a lot of users.

Bless Domino folks.

Then to add insult to the injury (as they say):
And Exchange no longer will have its own site topology but will run on top of Active Directory topology

While this is good and bad.  Good because you streamline your topology management.  Bad because you have to rip and migrate the topology and then rely ONLY on your AD topology.  What if that tree has funny limbs that can't talk right.  Cut it off and grow a new one :-)
    for this posting

    On Wednesday, June 21st, 2006   by Chris Miller        

I recevied this question about Microsoft Exchange 12 (2007 or whatever number you wish to call it)

It was brought to my attention from an email that Microsoft is offering beta 2 of Exchange 12 as 32-bit and 64-bit.  The question posed was does this mean that they will now offer it as 32-bit also when they ever release it?  Umm not apparently.  That is for the testing purposes only.  According to their own pages, and we link and quote..
Q.        Why isn't Microsoft also delivering a 32-bit version of Exchange Server 2007?
A.        Exchange Server 2007 is designed to be a stable, reliable enterprise messaging platform that delivers the fundamentals of e-mail and calendaring while providing innovative new capabilities. These new capabilities make the messaging system more cost effective and scalable for your organization and at the same time more productive for users accessing the system. Simply put, given the new capabilities of Exchange Server 2007, Microsoft could not guarantee a high-quality 32-bit version.

Q.        Will I need Microsoft Windows Server 2003 x64 to run Exchange Server 2007?

A        Yes, to deploy Exchange Server 2007, you will need an x64 edition of Windows Server 2003 or Windows Server 2003 R2. Volume-licensing customers are free to exchange their 32-bit version of Windows for the 64-bit version at any time, using their media kits.

So let us not forget that Exchange is 64-bit, but the operating system itself, and the hardware to support it is not 64-bit people.  Count em, add em up, spend that cash and welcome to "stable, fundamental and reliable enterprise messaging".

Wait, does that mean they are saying their past products are not even fundamental or reliable?

    for this posting

    On Monday, June 19th, 2006   by Chris Miller        

Yes, I still love my U3 USB thumb drive, so what about Notes on it via Nomad in 7.0.2? My current thoughts on the press around it

Listening to the press around the future of Nomad on 7.0.2 it seems that native USB support will be there, just not a full U3 install also.  This is not a big deal, as not everyone has a U3 drive.  This whole thing came to mind from an interview with the Kingston product manager that is on-line to read from DominoPower.

So what this means from reading, is that Notes will be installable onto any USB drive with enough space.  How much will that take?  Looking at a current Notes client only, you can expect to rim down templates and some other items for sure.  But you will still eat up a couple hundred MB or more minimum.  Security of the data is in place, so you can replicate.  I am curious about the speed and performance.  I am guessing a selective replication for mailfiles would be the way to go, say the last XX days of mail, so you still get folder structure.

If all this works as planned, this will become a great selling point for mobile users.  Now, what about kiosks?  Those won't be available in most airports, but who would trust their USB on a kiosk nowadays?  I imagine with some U3 embedded anti-virus (which is available) it would be more of a warm fuzzy feeling.  There is even keystroke logging detection programs.

Can you carry your entire desktop with you?  I am getting there.  Firefox, Trillian, Skype, soon to be Notes, a PDF reader, OpenOffice and even Zinio for digital magazines.  With a couple GB USB drive and U3, visiting the parents and not tugging along the laptop will be a breeze
    for this posting

    On Friday, June 16th, 2006   by Chris Miller        

Downloading Quickplace controls directly from the server

The first thing anyone can do is the quick grab of the controls through HTTP browsing.  Lotus provides a nice chart showing the location:

(chart removed for a second, it was giving me blog sizing issues, you can find it in the technote)

The long run is to have some back end script for locked-down users actually extract the pieces of the cab file and place the DLL on their system.  Not a pleasant experience but just what we had to deal with.  Hence the reason for this posting.  The users could not accept the controls themselves so an alternate way to push them out had to e designed.  Lotus addressed just that with technote #1214819.
    for this posting

    On Thursday, June 15th, 2006   by Chris Miller        

Technical Issues and Resolutions from the St Louis Notes User Group

One of the first admin questions dealt with local users still being able to utilize type-down addressing.  I had not thought about that in years!  Apparently, looking at recent technotes, it broke in 6.5.1 for the client.  Technote #1168872 describes the settings required to let this function work correctly.  Searching further I found technote #1084833 that covers type-down addressing and directory catalogs.  I might have to look into playing around with this.

Another question from an attendee wished to restrict certain users from receiving SMTP mail (SEC needs and requirements) and still have them receive SMTP mail from internal applications.  There was too many users to add by name to SMTP restricted fields (where groups don't work).  Instead, it was suggested to selectively remove them from replication to the edge SMTP servers (or put flag for LDAP from spam filter) and then point the internal applications to inside servers directly.  A simple solution for the problem.

Sametime on Blackberry came up at the end.  They just wanted hints and tips which no one had any up front.  So can some readers assist?
    for this posting

    On Tuesday, June 13th, 2006   by Chris Miller        

To update the reason we had the issue on that file Wednesday’s posting

This was a file (a simple database made from a standard template) that had to be placed back onto the cluster via system file copy.  So when Domino saw it, it was skewed in size for some reason.  This file also had local access protection enabled so compact could not clean that up.  Waiting till the next day for overnight maintenance to run actually gave another twist.  Instead of a file size, it now had N/A as the file size since it could not read it properly.

We are cleaning up the local access protection issue and letting it run again.
    for this posting

    On Friday, June 2nd, 2006   by Chris Miller        

Space used by database larger than 100% ?? But of course it can show that way

Here is the screenshot..

Image:Space used by database larger than 100% ?? But of course it can show that way

I think the image speaks for itself.  Let's run some maintenance and see what happens.
    for this posting

    On Wednesday, May 31st, 2006   by Chris Miller        

Does changing platforms erode your business for a while? (a live busniness case)

I have watched with great interest as a flagship IBM outsourcing customer announced late last year it was moving away from Domino.  In the place of Domino is a whole slew of Microsoft products.  This company ran Lotus Notes for over eight years I believe before taking this plunge:
The rollout consists mainly of five Microsoft products-the Office 2003 desktop suite, Outlook E-mail client, Communicator instant-messaging software, Live Meeting conferencing service, and SharePoint document-sharing portal-plus Windows Server 2003 and other server software. The deal represents the largest license to date of Microsoft's real-time collaboration suite (Communicator 2005, Live Meeting 2005, and upgraded Live Communications Server 2005), introduced in March

I cannot see where the migration attempt for all these applications as well as the 20 terabytes of email.  Where the heck are they migrating that kind of data into Exchange?  How many servers is that going to be living in redundancy while the migration continues?  In the article the CIO notes that you cannot live in hybrid mode forever due to costs.  But no mention of the migration costs for 92,000+ PC's.  I guess there is no Linux clients anywhere :-)

So my question becomes, where does productivity, training, costs and manpower sit to run both at once, perform the migration and then support both systems?

The article mentions "pressing 8 years" for running Lotus Notes which leads me to believe customizations or slow upgrades.  How can a well embedded 8 year old system be harder to upgrade and maintain than an entire multi-product rollout banking on a version that was not even out yet?  I want to see some numbers here...

    for this posting

    On Thursday, May 25th, 2006   by Chris Miller        

My how Execution Security Alerts have changed over the versions.. (with pics)

I do not like how they changed the Hotkey selection for certain actions from version to version. Makes no sense at all.  But they functionality increased.  I would like to see one more action added, show me exactly what it is trying to change or do in some example.

Notes 5 was pretty basic with what you could do with an Execution Security Alert....

Run once, trust them or run away.

Then Notes 6 stepped in and Lotus stepped up the game for running unknown code as seen here..

Actually, the options were exactly the same.  Hotkeys got changed and some verbiage, but more information was given on what the code was attempting to do.  Note that the help function was removed from the main pop-up.

Now we go on to Notes 7
A single session trust ability added on to the option to trust them forever.  Hotkeys are not underlined anymore but work just fine.  Guess that was just an oversight in the UI.

    for this posting

    On Friday, May 19th, 2006   by Chris Miller        

Found the cause of the crash/hang the other night..

When I first reported this, it was too late at night to worry about reasons.  Last night the issue started creeping up again right after 10pm.  Low and behold, my eye caught some console jargon.  There was some maintenance attempting to run starting at 10pm.  So couple that with the traffic the server gets (thanks to all for that), it was causing it to run slower than a turtle chewing salt water taffy.

So issue resolved on that end for good, the 7.0.1 code is smoking along great and the world of the blog-o-sphere is at peace once again.
    for this posting

    On Thursday, May 18th, 2006   by Chris Miller        

Before we move into Sametime 7.5, how big is your contact list?


If you attempt to add a high number of names to your Sametime Connect client contact list, only some of the names are added. Is there a limit to the size of the buddy list?


Release Contact list size limit
7.0 64 KB
6.5.1 64 KB
3.1 60 KB
3.0 IF2a 60 KB
3.0 32 KB

This limitation applies to both the Sametime Connect client for desktop (C++ client) and Sametime Connect client for browsers (Java connect)

    for this posting

    On Monday, May 15th, 2006   by Chris Miller        

Update on bug in Remote Server Setup

I posted this issue a couple days ago and a wonderful person was kind enough to already get a SPR entered for it under SPR # SBUH6P9PJF
    for this posting

    On Friday, April 28th, 2006   by Chris Miller        

Error: Did not accept the new certificates because they were issued after the current certificates

I got this posted in my comments but not attached to any certain document asking for help.  The error is self explanatory in many ways.  Whatever certificate you are trying to update is not issued in a date after the one already in place for the user or server so it is being rejected.
    for this posting

    On Wednesday, April 26th, 2006   by Chris Miller        

IBM Support Assistant (ISA) 3.0 testing

I downloaded this for the first time to play around and see if it could help. The interface moved a little slow on my test machine, but that is to be expected.  A lot of Java on Eclipse technology was at work.  The interface did the same searches I usually do right in the databases themselves, like Knowledgebase.  It was able to grab from numerous sources, just like you can do from the homepage of Notes.Net.

I could not get any login in the world to work for creating Electronic Service Tickets, but I leave that to my mistake in not knowing if my IBM id is registered to do so.

The only thing I liked so far was the Collector task that ran, including the ability to create remote collectors.  I went through the Updater to load any product tools for remote collection and found that Notes/Domino 6 and 7 were both there.  Unfortunately Sametime was labeled at V3 only.  Not sure if that carries forward.  A restart of the Assistant was required after installing the tools, no biggie.  But then I could not get any tools to load from them after install.  Just the homepages and some tech info for each product.

The local system collection jumped a jar file somewhere on the operating system.  I wish I could specify or open it from the collection screen.  Unfortunately it just gives the path to where it is, which you have to remember.  If you change screens and come back it resets the screen I found.

I might play around some more, but I am guessing that NSD, Automatic Diagnostic Collection and Fault Analyzer will get all this and more in the Lotus world.
    for this posting

    On Tuesday, April 25th, 2006   by Chris Miller        

SNTT: Diagnostic Collection for clients, a beginning

Well of course it does not work without a policy.  It is stored under the policy name in the local address book ($Policies) view and in a field of the desktop settings called DCLoc.  If you have no policy, even manually running the nsenddiag executable would have no routing information assigned to it.

So no policy, no way to change an ini variable to send the diagnostics anyway that I can find at this point.
Image:SNTT:  Diagnostic Collection for clients, a beginning

So I generated a quick policy, ran
ndyncfg to update the local client config and then ran nsenddiag to get the crash information over to the Fault Analyzer database on the server to see what was wrong.
    for this posting

    On Friday, April 21st, 2006   by Chris Miller        

First Domino 7.0.1 crash on my desktop ....

Image:First Domino 7.0.1 crash on my desktop ....

Not sure why, not sure how, not sure of anything but the instance of this lovely graphic at this point.
    for this posting

    On Friday, April 21st, 2006   by Chris Miller        

’Live Clipboard’ - a Ray Ozzie special

I was reading an article on a new project (yes announced a month ago) that Ray and Microsoft threw together.  This comes with the announcements of all the Live! product announcements.
Live Clipboard uses a simple metaphor, the Windows Clipboard, to let users copy and paste live information - for example, another user's calendar - from one site to another without losing the link to its data source.  The clipboard uses Real Simple Syndication (RSS) and the Simple Sharing Extensions (SSE) to handle data feeds.

I love the idea of moving and copying web data objects without losing where it came from.  But does this allow content to be shown as someone else's with no proper credit?  Can you simply use these to glue things together? They state they have enough interest that a draft specification has been tossed together too.  So this moves beyond taking web text like I do for the posting here and referencing it, it moves into meshing that data with my own and making it part of my entry.  While maintaining the link and integrity of the original posting.
Myself not being a developer, I read this with a different twist.  Some read it as a way to move data easier and bring systems together, I see it as a way for someone to grab your stuff, mark it up some and make it their own while still pointing to you and your resources serving it up.  I might have to reword that.  Here is Ray's comments from his own blog entry:
Where's the user model that would enable a user to copy and paste structured information from one website to another?

Where's the user model that would enable a user to copy and paste structured information from a website to an application running on a PC or another kind of device, or vice-versa?

And finally, where's the user model that would enable a user to 'wire the web', by enabling publish-and-subscribe scenarios web-to-web, or web-to-PC?

On Ray's blog he states there is good threads and feedback, but you still can't comment back on his directly, bummer.
    for this posting

    On Wednesday, April 19th, 2006   by Chris Miller        

The April 2006 Sys Admin Newsletter from is out

You can find, read, digest and comment on it over here.
    for this posting

    On Tuesday, April 18th, 2006   by Chris Miller        

IBM announced the Domino 7 Certification elective exams

If you have not seen them yet, you can also get grandfathered in if you took any of them from the Domino 6 series.
According to the company, electives for the IBM Certified Advanced Application Developer track will be:
  • LotusScript exam
  • JavaScript exam
  • Web Services exam
Those in the IBM Certified Advanced System Administrator track will have the following options:
  • Managing Domino Web Servers exam
  • Sametime 7.5
I would look for some changes on the Sametime 7.5 exam since it has not been updated since version 3 days though.
    for this posting

    On Tuesday, April 18th, 2006   by Chris Miller        

Remote Server Setup issue I uncovered

I speak highly of Remote Server Setup.  I have even found how it does partitions and an undocumented tip on how to adjust the port if there is firewall issues.  This was a new one I found today.

I was setting up a 6.5.4 server and turned on the listener for the remote setup.  I then went to my local 7.0.1 client and started the remote setup client.  Part of the way through I noticed that while customizing the server tasks, there was some 7.x info in there.  Specifically the RnRMgr came to notice in the list.  I left it checked for grins figuring it would have no bearing.

I was wrong.  It actually did add it to the notes.ini  servertasks= line and attempted to start the task when the server first launched.  No big deal, it simply said it could not find the task and went on it's way.  But I am thinking this is not a good thing overall.  I will search some docs and see if I can find it.  But no luck so far.
    for this posting

    On Friday, April 14th, 2006   by Chris Miller        

Your mother warned you follow the rules, unless she makes 101 of them. Wait that is Domino

  1. Customer embraces Lotus technology
  2. Customer expands SMTP services with Domino
  3. Customer believes in workflow
  4. Customer enables server based rules
  5. Customer enables a lot of server based rules
  6. Customer finds all rules not working
  7. I find a whole lot of rules in the server configuration
  8. I find more than 100
  9. I have light bulb in head
  10. I add notes.ini parameter to server  MailMaxFilters= xx
  11. I warn customer of performance issues with that setting
  12. I bill customer :-)
  13. We are all happy

    for this posting

    On Wednesday, April 5th, 2006   by Chris Miller        

As Rob Novak pointed out, IE ActiveX issues with new patch. Microsoft answers.."You have 60 days to be assimilated"

Here is the eWeek article that talks about the extension

And my favorite part
The big push now is for developers to recode Web sites and Web applications to cater for the browser update.

If not, users won't be able to directly interact with Microsoft ActiveX controls loaded by the APPLET, EMBED or OBJECT elements without first activating the user interface with an extra mouse click.

Can you say click-click for using that Quickplace, DWA and some other stuff as Rob so eloquently points out right here.

    for this posting

    On Wednesday, March 29th, 2006   by Chris Miller        

From CIO Blogs..Who Own the Internet?

There was some good information in this entry to me with even more interesting information if you drill down into it by clicking on the parts of the Internet backbone.
The colors represent who each router is registered to. Red is Verizon; blue AT&T; yellow Qwest; green is major backbone players like Level 3 and Sprint Nextel; black is the entire cable industry put together; and gray is everyone else, from small telecommunications companies to large international players who only have a small presence in the U.S

You can directly to the pdf image to drill down right here.
    for this posting

    On Monday, March 27th, 2006   by Chris Miller        

SmartUpgrade issue in 7.0.1, internally and at a customer now

I will make this quick.  When using SmartUpgrade, it kicks off fine.  No problem there.  Runs through successfully (one DLL error on one machine so far that relates to an older technote) and then the user is upgraded.  Unfortunately it is asking for the user's name to input to complete the setup.  The home server information came up but filled in, so it definitely knew about the local names and ini file.  Trying it again on a select person.
    for this posting

    On Friday, March 24th, 2006   by Chris Miller        

People actually read this? A PodZinger follow-up

Talk about surprises, I found this in the IdoNotes mailbox from the PodZinger article I did:
Hey there, Chris.

Just wanted to let you know that Taking Notes is now available through PodZinger.  We wanted to make sure this was made available, as you noted you couldn't on your post.  We're constantly scouring the Web to find the even expanding world of video and audio podcasts.


So if you like Taking Notes but want a certain point, there you go.  Searchable.  Thanks for PodZinger for such a quick reponse.
    for this posting

    On Thursday, March 23rd, 2006   by Chris Miller        

Podzinger, cool way to search podcasts by keywords

I read about Podzinger in Network World and took a peek.  I tested it looking for Taking Notes from OpenNTF to see if they had done this yet.  Even though they didn't pop up, I was quite impressed the way you could click on any word after doing a search and the podcast you found would start from that exact point.  You could even watch it scroll through the podcast timeline looking for that point.  Stop and start was available, even links to the download the entire podcast or grab their RSS feeds.

Then I realized they are just starting out.  It uses a speech recognition software to "read" the podcast and then make searchable text on the site.  Quite amazing and hits on Lotus Notes yielded quite a few accurate results of people talking about Notes in their shop or elsewhere.

So if you podcast or think you might, get listed.  A great way to find content.
    for this posting

    On Wednesday, March 22nd, 2006   by Chris Miller        

The March 2006 Sys Admin Newsletter from is out

You can find, read, digest and comment on it over here.
    for this posting

    On Tuesday, March 21st, 2006   by Chris Miller        

Manual purge of the Message Tracking (MTC) ? Sure why not

From technote #1109707.  Purging it down and then coming behind with an updall -x to rebuild the full-text and compact it some made searching much faster in a large environment.

Set a Program document to purge the MTSTORE more frequently.  Currently, the default is every 30 days.  You can increase this by running a Program document to issue the following command:

tell mtc purge value

...where value is the maximum number of days.  Set this to 7 (you may want to start with 14 if 7 seems too aggressive), and then run this command via a Program document once a week during off hours.

    for this posting

    On Wednesday, March 15th, 2006   by Chris Miller        

A rebuttal from Microsoft and my readings/comments on public IM connectivity in Sametime 7.5....

An accurate response came from Microsoft to my post yesterday.  LCS 2005 does offer connectivity to outside public IM systems through PIC (Public IM Connectivity).  Sametime will have the VOIP options built in also.  I agree that the integration needs to be made further in the phone systems.  DUCS is still under-utilized and full VOIP integration needs to be completed.  Awareness in both products is everywhere.

We can now move on to IBM/Lotus's statement that this feature or function will be free.  From the LCS website here, there is more costs involved:

Public IM Connectivity licenses are available on a per-user, per-month subscription and are additional to the Live Communications Server Client Access License (CAL). Public IM Connectivity has two licensing components associated with its use, a Services Subscription License (SSL) and a User Subscription License (USL).

Public IM Connectivity service licenses are available for Microsoft Volume License customers only and are not available for retail open customers following other Microsoft subscription licensing programs.

You then jump to this site to fill out forms to get public connectivity.  Unfortunately the Public IM Connectivity Partner site has nothing there yet either and states so.  This is how you merge your ID into the public systems.

Let's see how fast organizations move into federated connectivity with a free system versus licensing, I am curious.
    for this posting

    On Friday, March 10th, 2006   by Chris Miller        

More on CCH1 code people want for the Sametime fix

I had this on hold since 3/3/06 and forgot to publish it.  Shame, shame on me.  Plus I had to check the publication rights to the entry below

"CCH1 is not yet available.  We have been told that it should be out sometime next week.  It was pushed back because xxxxx  xxx xxxx xxxxxxxx xxxxx xxxxx with the Notes Client and the development team wanted to include them in the CCH rather than having a CCH2 come out soon after CCH1."

It also followed with this (keep in mind these are never hard dates and should not be taken as such)
A server side hotfix is available for all platforms for effected customers via standard support channels; so if you have a support contract - and you are actually affected by this bug - call support and get it
  • A client side fix will be included in Notes 7.0.1 Cumulative Client Hotfix (CCH) 1 due out by end of March 2006 (possibly sooner), available for effected customers via standard support channels - so once again if you have Notes clients affected by this bug, and if you have a support contract, call support and get it
  • This fix will be included in Domino 7.0.1 Fix Pack (FP) 1 due out in 2Q06; I have heard that this is probably around late April, but don't hold me to it
  • This client and server fix will also be in the next Maintenance Release, 7.0.2 due out 3Q06

    for this posting

    On Wednesday, March 8th, 2006   by Chris Miller        

Very, very bad mail routing loops. A classic example (with screenshots)

Brand new server, tons of available space.  Suddenly it disappears.  Poof!  A magical 50GB gone.  Oh where for art thou free disk space?  Let us look.

It all starts at  2:59pm yesterday  as seen in the following image


By the time the clock reaches 5:47am this morning  the same mail message has now grown to an incredible 25MB in size


So how many times did it loop before the disk started being eaten up?  Here is that screenshot too


So what does that mean?  Loops suck.

    for this posting

    On Tuesday, March 7th, 2006   by Chris Miller        

I am always on the lookout for new and cool chat tools or services, this was interesting.

Sure most of you are die hard Sametime and Trillian fans like me.  But, you can never speak well about what you run if you are unaware of the options.  There are so many that pop up it gets overwhelming.  So I only comment on the few that have something special that catch my eye.  ChatBlazer was one of them.  They came out with an installed or hosted chat platform that contains all the necessary auditing and audio/video requirements.

So what is the big selling point they have?  It runs via Macromedia Flash to all platforms and most browsers can access it.  One install, all web based, right out of the box.  Commendable.  There are profiles, multiple rooms and bundled with Flash the ability to put graphics, banners and change the UI/skins.  It does integrate with the major chat services also.

Does it integrate with Domino? it could always be embedded on the web side.  Does it look at your Domino LDAP server for directory information? Couldn't find it on the site anywhere.  They did have a lack of detailed specs, but provided all the OS and browser info necessary.
    for this posting

    On Monday, March 6th, 2006   by Chris Miller        

Windows, SMTP, DNS and non-routing SMTP outbound error resolved - plus how

I have encountered this error over the years numerous times on Windows.  The twist was (before I tell you all) is that it worked great on the LotusUserGroup servers for a long long time.  As some of you might know, I upgraded that server to Domino 7.0.1 and Quickplace 7 last week.

So after the upgrading mail slowly started building and not always going out to the Internet.  Internal mail was fine.  I couldn't think for a few moments why the upgrade would have changed anything in the mail routing.  Then it hit me.  The upgrade also included a hardware swap for better performance and the growth of the User Group itself.  I then had one of those famous epiphanies.  Windows, since the 2000 days has a technote that comes into play a lot here at the Data Center.  We usually find the time to use it after a machine goes from DHCP to a fixed IP and Domino has been loaded when it was in DHCP mode.  (Why that takes place is not the focus here and can be covered later).  So what happens is that the NameServer parameter in the registry does not get set with the DNS servers when you switch.  So the server cannot find DNS to send the mail , on a regular basis.  How Domino uses it is beyond me since some mail goes.

So I went in today and adjusted the registry under

A quick restart of Domino, for grins even though the router task would have sufficed, and viola, mail went flying out.

You could also add DNSServer=Ip address to the notes.ini, but who would want to manually manage the servers like that?

    for this posting

    On Friday, March 3rd, 2006   by Chris Miller        

Lotus made their stance known on Sender Policy Framework in January through a technote #1227751


What is Sender Policy Framework (SPF)? Does Lotus Domino support SPF?


Supporting Information:

Domino 7.x, 6.5.x, and 6.0.x do not support SPF.  An enhancement request was submitted to Quality Engineering as SPR# RCE5XZQTT; however, there are no plans to address it in the Domino 7.x or 6.x code stream.

Formerly known as "Sender Permitted From," SPF, an open source code, is an extension of SMTP.  Because standard functionality of SPF has not yet been published by the Internet Engineering Task Force (IETF), SPF occupies an experimental stage.  A number of competing methods share the goal of preventing SPAM via these sending server-identification records.

    for this posting

    On Tuesday, February 28th, 2006   by Chris Miller        

Messaging News: The Urgent Need to Implement Authenticated Email

This was in the January/February 2006 issue which you can get in PDF here.  I thought this would be a rather large article to read, not the total of one page that it filled around a half page shadow picture and an ad for a conference (wow I just noticed it was the same conference the author is charman of). The following was an excerpt from the article by Craig Spiezle.  Now Craig did nothing but put out the numbers and stats in my reading of it.  I should note that his title is Director, Microsoft Technology Care and Safety and also the Chair of the board.
What's New in Email Authentication?
Over the past 18 months, authenticated mail has evolved significantly from concept to implementation, with two complementary approaches: the Sender ID Framework (SIDF) and DomainKeys Identified Mail (DKIM).  SIDF is an Internet Protocol (IP)-based solution that was developed from the merger of the Sender Policy Framework (SPF) and Microsoft Caller ID for Email.  DKIM is the merger of Yahoo! DomainKeys and Cisco's Identified Internet Mail (IIM) specifications.

There is more rant to read on this below ... a search on Google for SIDF turned up some fun.

Continue Reading here" Messaging News: The Urgent Need to Implement Authenticated Email" »
    for this posting

    On Monday, February 27th, 2006   by Chris Miller        

Cadenza with Windows CE and Palm issues and solution

We have had great success and numerous frustrations with Commontime over the past could years.  Most of the frustrations were at times of upgrades.  After working with Commontime we would always get a resolution, but getting it in hand seemed to be the problem.  So this year we cornered them at Lotusphere on the vendor floor during a slow time.  It seems one of the wireless Palm Treo phones decided it could not sync nor could you set the password.

It had a default password on the screen (at least there were tiny asterisks in place of the password) but we could not tell if it was really there or something they put in.  We tried manipulating the config doc for that person in the control database to no avail.  So at Lotusphere we found out that the code version had a tiny bug that would not let you configure the password on the device.  At all.  They took his Treo for a couple hours, cleaned up some backend log and config things that get hidden and left behind (we were told) and viola, a new version gets installed on it and we can change the password on the device again.  The funny part was that calling support we were told someone there ran the same device but we could never, ever get that person on the phone to see what the deal was.

So we run the Windows CE and Palm integration in Enterprise mode on the server letting multiple device types sync.  Keep in mind that it uses two different services to do that.  The Thin Client Connector is for the Palm devices and the Commontime main service is for CE.  Both listen on different ports by default also.  Port 603 for CE and 608 for Palm.  Huge thing to know for wireless synching and firewalls.  But awesome for me anywhere I can get an 802.11b connection for my PDA.  Or anywhere the Treo can get a signal now.
    for this posting

    On Monday, February 27th, 2006   by Chris Miller        

Remote server setup and partitons, nice job Lotus!

Image:Remote server setup and partitons, nice job Lotus!
See image if you are reading this...  this is using Remote Server Setup over 8585 and a server installed with partitions needing a data move first.
    for this posting

    On Friday, February 24th, 2006   by Chris Miller        

DAMO and passthru server ability ? Why yes you can

I did some quick digging to uncover this at a customer request, or more like interrogation and found out it is possible to have Domino Access For Microsoft Outlook (DAMO) actually follow pass-thru another Domino server for mail access.  Quite cool.

Simply open the names.nsf with a Notes client for the DAMO user and modify the necessary connection records to make the proper passthru connection records.  Usually modifying the existing attempted connection to use a passthru and then making a new one to the passthru server.  I found a good way is to just email it over to an admin to open, modify it, and then drop it back on the machine for testing reasons.

If you still cannot get something to work, there is a notes.ini parameter, of course, that you can set on the client and server to log more info on passthru of

More that if we can only get policies to work against DAMO users.
    for this posting

    On Thursday, February 23rd, 2006   by Chris Miller        

Feb 2006 Sys Admin Newsletter is out..

Happy reading..
    for this posting

    On Wednesday, February 22nd, 2006   by Chris Miller        

Today’s 7.0.1 client installation update (issue)

I have seen this in previous version but do not like the way it functions if it continues on through the versions.  I accepted it at first when the idea of multi-user installation was new.  I went ahead and upgraded a couple multi-user roaming workstations yesterday to see how that went.

The installation found the path and previous install as multi-user perfectly.  That was a good sign.  It forced the multi-user option and gave the same pieces that were currently installed on the machine.  The code went on flawlessly.

The problem started when I launched the client.  It forced the setup to be run again choosing the user name, home server, TCP setting for the hostname and everything else.  Even though I did not have cleanup set on those workstations.  (Yes this is my network at home that I totally redid this weekend but that is another posting).  So I went through and recreated the setup for each account in roaming to make the kids life easier.  They never knew the difference, but then again what user knows what the admins do on the back end do they?  LOL

Image:Today’s 7.0.1 client installation update (issue)
    for this posting

    On Tuesday, February 21st, 2006   by Chris Miller        

First time (I personally) have seen this on Amgr shutdown and restart

Who has seen this before?  The ability to add AMgr executives while the other still runs?  Even after shutdown of Amgr.

tell amgr quit
Quit is pending on the Message Queue
02/17/2006 02:20:02 PM  AMgr: Some Executives are still active, shutdown continue ...
02/17/2006 02:20:03 PM  Agent Manager shutdown complete
02/17/2006 02:20:16 PM  Admin Process: Searching Administration Requests database

lo amgr
02/17/2006 02:20:46 PM  AMgr: Error adjusting number of Executive, Executive '1' is still stopping
02/17/2006 02:20:46 PM  AMgr: Only able to start '2' Executive(s); Agent Manager will continue running
02/17/2006 02:20:46 PM  Agent Manager started
02/17/2006 02:20:57 PM  AMgr: Executive '3' started
02/17/2006 02:20:57 PM  AMgr: Executive '2' started

    for this posting

    On Friday, February 17th, 2006   by Chris Miller        

Sametime server starting to hang using the integrated client? Patches and more patches


Notes Instant Messaging encounters a looping condition causing the Sametime server to become unresponsive or to hang.


Under very specific circumstances the Sametime server can receive incoming requests at an extremely high rate from the Notes client.  These incoming requests must be resolved in order for instant messaging users to communicate and share presence information.  As a result of receiving these requests at an extremely high rate, the Sametime server can become unresponsive as it consumes system resources during the processing of these incoming messages.

The Sametime servers' state of unresponsiveness may manifest itself as out-of-memory errors or by disconnecting from the Sametime Mux (which is used to route instant messages).

Symptoms of this problem can include:

  • The nlnotes process on the Notes client spikes to 100%.  Logging off from Notes client IM returns the CPU on the nlnotes process to normal.
  • The CPU on multiple processes on the Sametime server are pegged at above normal rates that may eventually reach 100%.
  • Attempting to open a chat session with another client shows the message "Initializing chat: Resolving User Name".  This is an organization-wide outage.
  • Attempting to add someone to a contact list will take an inordinate amount of time.
  • On iSeries this problem will appear as an abnormal termination of the StMux task.  You would probably not notice a CPU spike because the CPU has so much processing power available.

To fix this problem, the Notes client must be upgraded to 6.5.5 CCH1, 7.0 CCH1 or 7.0.1.  If upgrading to these versions is not an option, the administrator can request a hotfix for 6.5.3 and 6.5.4.

    for this posting

    On Tuesday, February 14th, 2006   by Chris Miller        

It seems 7.0.1 has more issues popping all over..

Here are some links to go peek at and check it out for yourself.  I take particular interest in the first one since I have never needed to shut down other applications to load Domino.  That either means it is being more tightly integrated into the shared files that are used by other applications also, or it is having a bad day.

Link1 via Chris W
Link2 via Bruce E
Link3 via Vince S

Now I have not done all the servers yet, pending what the heck happens with some of these issues.

    for this posting

    On Friday, February 10th, 2006   by Chris Miller        

HND104 slides an tools are here for download in compressed format

Thanks everyone for asking and waiting, I had to get some things done first.  Here you go

    for this posting

    On Tuesday, February 7th, 2006   by Chris Miller        

I wondered when this DWA isue would get technoted.. we saw it on a hosted customer

#1224409 and it covers 7, 6.5.x and 6.0.x


When creating a group in the IBM Lotus Domino Directory, you can set the group as "ACL only" so that this group is only used in the Access Control List (ACL) of databases.  When addressing a message in IBM Lotus Domino Web Access (DWA), however, "ACL only" groups can be selected as the recipient of the message.  If you address a message from the Notes Client, "ACL only" groups are not available for selection as recipient.


This issue was reported to Quality Engineering as SPR# MNAA5B8DAC.  There are currently no plans to fix the problem.

As a workaround, the ACL group document can be hidden to allow only the Lotus Administrators to see the document.  This will prevent end users from being able to select the group when addressing a message.  If the document is hidden, be sure to include the server in the list of allowable readers so that the group can be accessed for authentication purposes.

    for this posting

    On Friday, February 3rd, 2006   by Chris Miller        

6.5.5 issues and warning (re-editied moments later)

We have already done some upgrades to 6.5.5 on hosted and managed servers and found out that there are some design elements signed by a Notes 7 client in the release from a Lotus id.  So if you are running R5 servers or clients for sure we might see some issues and errors popping up.  I will let Lotus pop the SPR's out on the issues but I wanted to give fair warning.  I went and looked at one of the machines after the upgrade and yes, sure enough, they were there.
    for this posting

    On Friday, January 20th, 2006   by Chris Miller        

Article on cell phone radiation levels

Yes I use a headset like I really believe everyone should do.  For numerous reasons.  With the most simple reason to be along the lines of stopping people from being oblivious to life while talking.  This article shows radiation levels across numerous phone types, quite cool.  And scary.
    for this posting

    On Monday, January 9th, 2006   by Chris Miller        

DominoPower headline article today on DDM

I got the weekly update for DominoPower and the main article was a vendor's thoughts on Domino Domain Monitoring (DDM) and is it a real improvement or just a smoke and mirrors attempt by Lotus to change the name and update Events and Statrep.  I want everyone to read this article and give me their feedback and your own conclusion.  I am staying out of this for now as I have my own opinions and ideas about this business partner (as I use their product) and on DDM (as I present on it at Admin and the Domino 7 Upgrade Seminar).

I will put my thoughts together for tomorrows posting.  But that means everyone has homework.   Get to it.
    for this posting

    On Monday, January 9th, 2006   by Chris Miller        

If there is no disclaimer then it is claimed?

I have a section on message disclaimers in my Admin sessions on configuration documents and also Domino 7, then here sneaks out an issue (under the guise of technote #1220388)  with applying them in certain instances.  I like the part about the possible fixes and trying them out.  I am curious what the options actually are.


In Lotus Domino, message disclaimers no longer work when the RFC 822 phrase is enabled and added at the server level. In one particular case, a Domino 7.0 server configured for "Use CN as phrase" failed to create a disclaimer.


This issue was reported to Quality Engineering as SPR# LMES6HATES. If you are experiencing this issue, contact IBM Lotus Support to investigate whether a test fix is available for your configuration.

You can also work around this issue by enabling disclaimers at the client level. In one particular case, when the option, "Do not use phrase," was used instead of "Use CN as phrase," the disclaimer was created.

    for this posting

    On Friday, December 23rd, 2005   by Chris Miller        

I hear JINGLE bells while I SIP tea and dabble in MEEBO (anyone get that?)

If you didn't get my subject line, here is what it breaks down to:

Jingle is the new extensions for XMPP from the Jabber Software Foundation (press release from them). Basically it is an alternative to SIP, without the additional hardware.  If you have built some infrastructure on XMPP, then it will use that exact infrastructure for negotiations and setup.  What a cost savings for enterprises instead of having to create and manage SIP servers.  This might be something for IBM to investigate and get them back into linking to public IM networks.  I would not be surprised to hear they already have this being tested somewhere.

Now here is the real kicker.  Google Talk is already using something quite similar Jingle so they are pooling their resources.  Trillian has, of course, stated it will support Jingle in upcoming releases.  Who are they to be left out?

Ok, so Meebo.  Picture three friends that come up with a great idea and actually do it.  It is an ajax-based web interface that lets you log in to the major chat providers from any machine with a web browser.  They grab and encrypt your passwords after you type.  I wish SSL would pop up but the idea of this is quite fascinating.  No client locally to install, it supports most everything but audio/video at this time.  So if you are the grandparents or kiosk, one interface lets you log into the chat providers.  Mini windows are maintained in the big one, so that can get cluttered if you have a lot going on.  From reading, they haven't added Skype yet but have interest in it.  The big 4 are there and ready to go.  My first experience was excellent and I could see the promise.  Their end goal is to sell the rights to use code I imagine as the service is free and donations are accepted for all their hard work.  Emoticons and stuff need work but who cares at this point.  I was more interested in the technology and basic functions.  But then again everyone whined and Sametime is tossing them in now aren't they?
    for this posting

    On Wednesday, December 21st, 2005   by Chris Miller        

A great Websphere Portal clustering document just done

I came across this PDF in a newsletter alert this morning.  As the Portal space grows and Domino not only becomes the mail portlet, but in numerous places the LDAP source for the portal, the stability and scalability of this central point becomes a business necessity.  Imagine how your Domino mail system went from 1 to 3 servers in a cluster and now companies are busy building Sametime Community clusters.  Parts of technology are no longer for fun, they become parts of the business process.  Here is a sample diagram from the article:
Image:A great Websphere Portal clustering document just done

The document is just over 40 pages long, so quite the good read in time and material.  I will say one thing.  A Domino cluster is more like a few paragraphs compared to the complexity of performing this operation.  While I have installed Portal, I have never done this step so I plan on testing this a couple times for practice.
    for this posting

    On Thursday, December 15th, 2005   by Chris Miller        

Domino 7, iSeries and HTTP. Shake well and Panic

As reported today by one of the top notch, high quality sleeping admins here.  A customer has reported numerous HTTP crashes with Domino 7 on iSeries.  Through the magic of Automatic Diagnostic Collection and the Fault Analyzer task on our Domino 7 collection server, we saw and had in hand the NSD files for Lotus support.

PANIC: Object handle is invalid                                              
Fatal Error signal=0x00000005 JOB=HTTP/QNOTES/054112   PID/TID=124/0x0000002d

They apparently were pleased and impressed that we had it working.  We use Notes to Notes routing for all of our customers to drop NSDs to a mail-in database for collection and tracking purposes.  After Lotus received it they stated it is an exact match for some other customers and they are working on coding a patch right now.

Bless ADC and Fault Analyzer tasks in Domino 7
    for this posting

    On Monday, December 12th, 2005   by Chris Miller        

I was following Tom Duff’s post (and comments) on a Ray Ozzie post for other reasons

Instead of linking to Ray I will just link to Tom here.  But I did grab this topic I wanted to cover from the exact posting Tom was talking about.
Notes had just about the simplest possible replication mechanism imaginable.  After all, we built it at Iris in 1985 for use on a 6Mhz 286-based IBM PC/AT with incredibly slow-seeking 20MB drives.  We were struggling with LIM EMS trying to make effective use of more than 1MB of memory.  Everything about the design was about implementation simplicity and efficiency.

Besides understanding what Tom was saying about not being able to actively comment back since he is saying he has discussions (which I personally take to mean with MS people as I grabbed maybe 6 or 7 links and saw no responses from Ray), I did find the idea intriguing.

One trackback posting made a quite simple and decent comparison of the previous Pull technologies of RSS with the proposed Pull Pull of SSE.  But the initial spec has nothing noted about security or master sources yet.  But, my thought here is that it will grow into that with Ray having input and his above statement about Notes.  With the moves into XML throughout Microsoft products, enabling SSE ability is the first move into having replication in their technologies over another standard.  Instead of the proprietary Domino replication abilities.  The security and authorization has a long way to go yet, have no fear.

If we take this like school, Ray is trying to develop a new learning program on new standards and Lotus has had an established college for 20 years that has grown around some very basic roots of security, portability and simplified scalability.

The point of this posting is not how Lotus does the replication, but the far reaching capabilities it has after years of growth and enhancements.  Then Ray floats an idea to base some Microsoft work on emerging specs and the slower flocks will follow far too soon.  Take that last part and let it marinade some.
    for this posting

    On Tuesday, November 29th, 2005   by Chris Miller        

A review of a password recovery program that came to my desk today for IM packages and a question to my readers

I was hesitant at first on Advanced IM Password Recovery by Elcomsoft (they apparently do a ton of software, but Notes was not one of them), but did some research and reading on the web about it.  It clearly does what it says, and quite easily.  The freeware version is limited, it will do the task but not always give you the password depending on the complexity.  They are very up front in the readme about the few things they can or cannot do, which was nice to read.  GoogleTalk was recently added into the mix as another IM provider.

The point of all this you ask? Sametime was not listed if you peek at the images.  But imagine that it was, which in turn gives a person your Internet password.  In turn, this might sync to your Notes password.  So the question begins, how many of you maintain numerous alternate password across systems, and from web to id file?

we could run numerous directions with this one, form retention times, to forced password changes to password quality and complexity requirements through policies and registration.

Give me the feedback, I tihnk it could be a good thread this week in numerous directions, theme blogging time!
Image:A review of a password recovery program that came to my desk today for IM packages and a question to my readers

Image:A review of a password recovery program that came to my desk today for IM packages and a question to my readers
    for this posting

    On Monday, November 28th, 2005   by Chris Miller        

AOL Triton

I finally got around to upgrading to the new AIM (like Ed did a short time ago) for comparison purposes to Trillian and Yahoo Messenger.  Like Ed, I was not impressed, even with the flashy screens telling me what it could do while installing AIM Bite-On.

First we have the wonderful license which included this tidbit

(ii) FEATURE USAGE INFORMATION.  The Software may also provide AOL with anonymous information about use of AOL features and buttons on the Software. AOL uses this information in the aggregate to determine which Software features and buttons are most popular and useful to its users.

(iii) SOFTWARE ID. The Software may contain a specific identification number for the purpose of tracking the number of unique instances of the Software in use.

Now, the damned browser software proceeded to install even though I am positive I deselected it on the first screen.  Of course, it always uses the integrated browser for launching what you click and even sucks over your bookmarks automatically from IE.  Now the tabbed browsing is a nice touch that is coming out soon enough in IE.

I also noticed that they integrated streaming music to compete with Yahoo.  Nice touch, along with the drag and drop file transfers.  It seems there is not a limit but I recall back in the day there was no limit and we used ti all the time to move huge files around.  I wonder when that changed.

I didn't even go far enough to play with the emoticons or chat windows.  Once I saw the initial look, I made sure it was not set to launch when Windows starts (as most things do it seems now by default) and closed it up.  One more application to sit in the unused program directory.

    for this posting

    On Monday, November 28th, 2005   by Chris Miller        

Changing the default key strength before the first server installs

Having encountered this need only one time from a customer that I can recall, it was interesting to run across this little snippet in some documentation.  Funny how these things pop up much later when you least expect them.
Domino first server setup creates IDs with a default public key width of 1024 bits. If a different key width is required, run SETUP.EXE to install the Domino files but before starting the server, open the server's NOTES.INI file, and then set  SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH to the desired key width.  For example, for Domino R5-compatible keys, install the files for the Domino server by running SETUP.EXE, but before starting the server, open the NOTES.INI file and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH=630. The public key width can be set to either 630 or 1024 when using the NOTES.INI variable.

    for this posting

    On Sunday, November 20th, 2005   by Chris Miller        

Miss the old password hieroglyphics in R5? They are there in Domino 7 still

Well, they are in the side product Notes Minder actually.  But it gets installed with Notes.  I was playing around with it today for a user complaining of mail notification and was shocked when it popped up to show this:

Image:Miss the old password hieroglyphics in R5?  They are there in Domino 7 still

The old hieroglyphics are alive and well.  They could make this little used piece of code work even better with more options, but it is respectable for what it does in the first place.
    for this posting

    On Monday, November 14th, 2005   by Chris Miller        

Second time this week I was asked a question around naming conventions..

Server names combined with DNS and just plain simplicity seem to be an issue.  Here is the rules on what you should use and can use as said by Lotus
Domino server names are unique names that identify servers in a given Domino domain.  Domino server names can consist of one or more words (a maximum of 79 characters) and can consist of any characters except: parentheses, at (@), slash and backslash (/ and \), equal (=), and plus (+). Using spaces or periods  is not recommended. If you use spaces, you must enter that server name in quotes ("") when entering a command at the server console.  As the Domino server name is also used within the given protocols name to address resolve process the use of underscores and periods can create lookup failures within different protocols.  As such they are strongly not recommended.

So no more spaces in server names please.  FQDN naming is nice for making everything work smooth, but sometimes quite long as a server name.  Common sense seems to rule.  Make the server names unique, not match the OS and keep them reasonable.
    for this posting

    On Friday, November 11th, 2005   by Chris Miller        

Microsoft talks about new features of Exchange 12 and my thoughts on them

In this week's Messaging newsletter from Network World, they talk about some expected and announced features in dwell (I mean 12).
** Exchange 12 will automatically encrypt messages by default, and communications between Exchange 12 environments will automatically share keys
** Exchange 12 will feature full text indexing and searching capabilities
** The new version will include transport rules that are modifiable via a rules editor and will include a separate set of rules for managing retention and deletion policies

I am sure plenty of people have long drawn out theories on all of this. From the initial reading, transporting the keys between different Exchange systems isn't well laid out yet.  But where is anything but server side for the encryption?  Since the users do not have local keys, there is not the individual encryption we are used to in Domino.  So the real value in this is protecting traffic across the network?  Hmmm.  Then we have the automatic sharing of keys.  I once again presume these are all in the same AD and have a master key structure much like an O in Domino.

Full text indexing and searching.  I am curious what filters they will have outside of Office type attachments for the searching.

Lastly they tossed in retention and deletion.  Is this a simple growth or does it include archiving solutions.  I was not clear on the new policies yet and there is a new interface for 12 that might explain the ability.
    for this posting

    On Monday, November 7th, 2005   by Chris Miller        

I had to comment on Ed’s posting today (Outlook and Domino via POP/IMAP)

I have been down this path over the years with numerous clients.  I have been through crit-sits and gotten info I still can't even share because of NDA and everything else with customers and Lotus.  But I can say that POP3 and IMAP on Domino leave much to be desired. (I state move to DAMO at the end for those looking to skip ahead)

Let's go back in time. POP3 had numerous issues with the unread marks and locking the mailfile.  In the old days, R5 and back, if the mailfile got locked by the POP3 task you had to restart the entire Domino server.  Yes I said entire.  Documented, read the technotes if you can find the old ones that showed:
POP3 Server: Unable to open mail file for xxx/yyy: unable to obtain exclusive access to maildrop

Large attachments caused the issue, a corrupt message could cause the issue, a bad full moon could cause the issue.  Besides POP3 being an older protocol without true load balancing.  Domino looks to the client to retain the unread table for the host it is hitting since agents or even API programs could change the Unread ID Table (see technote #1100308).

I consulted with a couple places that were looking to rollout wide scale (20,000 users or more) POP3 implementations.  My statement then and now stands at no for Domino and POP.  Forget the other issues around having mail locally, backups, leave on server, and a slew of others.  Heck, there is not even any scheduling ability.  part of the whole reason of using Domino

IMAP had issues a long time for memory leaks and usage.  When it started you would see less that 100 full blown IMAP users on a box.  That got better over time but you still will not run as many Notes or DWA users.  Once again we are back to full failover ability.  IMAP does a fine job of reading the folders and letting you work online, but the back end processing through Domino 6 left some to be desired.  Scalability still has reported issues in Domino 6, technotes and all.  No room for discussion.

Editor note: I have not tested this in Domino 7 yet so everything might be peachy keen now.  But not many are to the point to upgrade and I don't have the client load of POP/IMAP to test.  Or a desire to configure a load tester for that.

So to close on Ed's posting, why not move to DAMO if you want the Outlook client.  Move to DWA, move to Notes.  But let's get off the older standard of POP.  The servers were made to be a simple storage facility for mail until the client could access it and grab it from the server.  Then someone got smart and asked why don't we leave it there so I can get it in more than one place.  Great idea, sounds like this needs to move to a server type application.  I understand this was before web mail and some client technologies took off.  I am not disputing that.  But why not sell the abilities of scheduling (not POP as I mentioned), clustering (not POP), alternate client access to the same data (not POP as the unread tables are different) and richness of doclinks and other cool things.
    for this posting

    On Friday, November 4th, 2005   by Chris Miller        

Replication Topology 205 - Tiered (Binary Tree)

Prerequisite: You must have completed Replication Topology 101 - the basics (which was done in July) and 102 and 103 and 104 now also before completing this course. :-)  I know I have taken my time on these but I find too many other things come up, plus it keeps you waiting for the next one.

Welcome to the graduate level course material (as
Tom Duff said it should be) !!!!

HOMEWORK:  From now on you are required to draw out the topology for your environment at each level.  Even if you are doing it for future planning or hypothetical looks.  This is a learning experience folks.

Here is what I said about Tiered (Binary Tree) topology:
Taking the hub and spoke idea a bit different, a central servers updates two or a few servers.  Those servers update two or more each and so on down the pyramid.  This works well if you have some good network connections to a few servers and then those have some decent speed to downstream servers without the top having that speed access.  Otherwise you could go back to hub and spoke.  The downside is that in a large tiered environment, it can take some time for a change to go up and down the tree if they do not share a parent server all the way to the top.  I have seen some tiers that cross somewhere in the middle to alleviate that and leave the top server for administration and NAB master

The Good:

A well thought out tree keep the data flowing; makes it locally available and with multiple tiers it can move between localities even if the connection is down to the main servers.  This is a great solution for multi-continent deployments or in countries that have Internet connectivity issues to the outside world.  Imagine a tier in America, Europe and Australia.  All the top level servers from each country then tier up to one other server in China.  If the link to China goes down, each country will still have the updates from all sites within itself.  Later, the rest of the world will catch up.

This idea also gets around timezone difficulties.  Data is most important to other sites in your timezone (in most instances, yes there are some corporate apps that rely on HQ but that is a side class).  So moving it between multiple cities to the top tier in that country keeps people happy.  You could some more tier levels into the mix, but for homework, draw one out for your company, no matter how big.

The Bad:

I said it best in the outline from the very start.  You can spend an enormous amount of time if you build the pyramid too large.  Imagine how it was done in ancient times.  One large stone was carried from the bottom to the top, very slowly.  You knew it was coming, you could see it in the distance down the great pyramid, but it took forever to get to the top so you could build on it.  Then the call has to go all the way back down the other side to let them know it was there.  Companies try to get around this by speeding up the cycle time in between each hop.  However, your schedule could become faster than the replication time of the data and you start to miss things until it can catch up.  I recently saw this with a DMZ at one corner of the pyramid.  During the day it was trying to keep up the fast 7 minute cycle that was set.  However, they noticed some data not showing for 2 plus hours.  Looking in the logs we saw that it was never finishing at the time the most data was being updated all over.  Then when the day slowed down or at night, it could easily catch up.  This also had to do with bandwidth being utilized, but it all adds to the issue.

We had strike #3 already, I guess this is the start of out #2 in the graduate level class.

    for this posting

    On Wednesday, November 2nd, 2005   by Chris Miller        

Automatic Diagnostic Collection..and Domino 7

Now I know my good buddy Susan started to talk about this, and only hinted at what was coming.  But now that we moved everything internally to Domino 7, it made much more sense to consolidate all the collection from both managed and hosted server to a central repository that could start to analyze for us.  Domino 6 did a fine job of collecting the data, and I enjoyed the single place to look for faults.  But the ability to analyze them just makes us all smile more.

Now the catch was that I wanted to use the wildcard document to configure everything, but I do not want the Fault Analyzer task running on all the servers.  So I did have to create a new config doc just for that server, which isn't what I wanted but works.

Size restrictions of the Faults are not a problem across any of the customers, so we are going with Notes to Notes traffic.  No size issues to speak of through router restrictions either.  I will put a snapshot of the config (maybe Visio) shortly
    for this posting

    On Friday, October 28th, 2005   by Chris Miller        

I get asked how to do the presence awareness icons on my blog

I do mine for all the IM services on the left through a specific server/host.  It makes life easy to have a standard icon set for look and feel.  But AOL went a recent step further with the new AIM Presence service.  It actually covers the icon for online/offline/1 way mobile/idle/away quite nicely and very tiny.  They dump the small code out for you to toss into you blog or website after you register (basically providing your online name so it can dump the code to you for cut and paste).  Now the other part is that there is a key that gets generated that expires after a certain amount of time.

After registering there is an Advanced Developers area for an XML interface with more metadata.  I was thinking about this and it would be cool to have the online status next to people in my blog listing too.  Hmmmm.

But be aware of this last part if you restrict who sees you to your Buddy List

Why can't visitors to my Web site see my online availability?
If you have chosen to utilize the Allow List feature in AIM, other users will not be able to see you online unless they're on that list. Check your privacy settings to make sure you aren't blocking anyone unintentionally.
If you are online but invisible, other users will see you as offline

    for this posting

    On Thursday, October 20th, 2005   by Chris Miller        

In NYC for a few days doing an audit

This site had an administrator 'removed' some months ago and have been hanging on with some basic skills from other IT folks.  What they soon came to discover was that the 'removed' admin left a mess in some areas.  Apparently there was no change control or structure.  Basically the person was able to do what they pleased.  Even in terms of debugging, logging and journaling mail.

The scary part always comes out though.  The admin that left had a copy of the default system id that not only signs a lot of the agents, but has Full Access to all files and even encrypts the mail journals.  With no audit trail of that id usage, it is impossible to tell if someone outside of the current team has used that id recently.  They also do not run password checking/digest so it leaves a nice gaping hole.
    for this posting

    On Tuesday, October 11th, 2005   by Chris Miller        

Remote Server Setup and ports and more ports

Yes my main PC is about 90% in working order after a rebuild and constant loading of programs to get it back right.  So IM is back, Notes 7 is there and in place and a ton of other necessary software that I found I use a lot.  I also found that I do not use a bunch of things so I am leaving them uninstalled until I find myself looking for them.

A question came today about Remote Server Setup when connecting over a VPN where the standard port for setup of 8585 is being blocked.  TO get it unblocked took more than some time, three turns and clicks of heels.  So I went digging.

In the local Remote Server Setup client you can select the host and port (see screenshot), but the server mode is not well documented.  I actually restricted my search from Google to the Notes.Net site and found a Z/OS document that shows the simple command to do so.
nserver -listen newport

How simple is that?  Quite!  Except we could not find it documented anywhere until this search.  If you know where it is other than that let me know.  Maybe it will sneak out in a technote.
    for this posting

    On Tuesday, October 4th, 2005   by Chris Miller        

If anyone has ideas (or even cares), my harddrives switched letters

OK, my main work Windows XP machine went boom yesterday at some random time while I was working and after some digging I found that the C and D drive letters have switched.  Basically making the thing constantly go in a reboot cycle since it can't find anything.  I will gladly rebuild the machine, but I would like to boot once to move the data nicely off.  The E and F drives stayed just fine, but those first two went wacky.  No, the CD ROM is not one of them, I have that way down the alphabet chain.

I am busy looking for Partition Magic in the office somewhere
    for this posting

    On Friday, September 30th, 2005   by Chris Miller        

Thoughts on the webcast

Some great content and I heard a ton of questions were out there pending.  Look for those in the forum at website shortly.

Ed Brill
  • Great job as usual.  He is at the point now where Ed probably murmurs competitive things in his sleep.  He got a question on Outlook and how does the GUI compare or how was it enhanced Domino 7.  We all know Hannover addresses this issue even more.  Basically people, Lotus is saying it does what you need since the 6.x days, but looks a little different.  Heck, I don't like some of the UI in Outlook, so why is it so much better?  Let's call it training!
  • Another asked about Domino Access for Microsoft Outlook and enhancements.  DAMO in 7 is using the same template as 6.5.4 uses for now.  Great idea to get that out the door in time with 7.  I imagine when the point releases start coming out, some more fixes for DAMO will  be there.  I also imagine that some new bugs might be found when using the back-end of 7

Rob Ingram, lead Domino Product Manager
Benchmarked improvements was a highlight hit often with Rob.  He did well also.  Here are two screenshots:
Image:Thoughts on the webcast

Image:Thoughts on the webcast
Ok, maybe I am off but they did not hit 30 something percent improvement even according to their own charts???  I will let that one go with the thought that the improvements in performance are definitely there.

Then he made me sit up in my seat.  Finally a new benchmark that addresses what the old ones missed, real world activity!!!!

Mark Jourdain, product manager , Application Development, Domino Designer
Mark did very well also.  Even though he had to cram the last slides in at the end due to time.

Mark got a question on a rumor that LEI would be included with the server for free.  Come on now, they charge like $50K per processor retail for that product.  Per sale.  DECS has been around got some a little better over the years, but I am guessing that you will never see that full type of LEI featureset in the core product for some time.
    for this posting

    On Wednesday, September 28th, 2005   by Chris Miller        

From a customer today wanting to use existing users (R5) on Domino 7 servers

Now this adds a twist to their deployment since they were waiting for the upgrade to the clients (R5) but have been moving ahead with the servers (yes through the 6.x codestream and now are ready for 7).  Do not ask me why, I am not one to question, only guide, prompt and take into back alleys and beat senseless.

Compatibility with previous versions

Will there be support for Forms5.nsf on a Domino 7 server?  

  • The iNotes5.ntf template will not be included with Domino 7, so you cannot create Forms5  users from the 7.x Domino Administrator client; however, the Forms5.nsf has been updated to work with Domino 7 and is included with Domino 7.
Will there be support for iNotes5 users on a Domino 7 server?
  • Domino 7 is backwards compatible for existing iNotes5 users; however, you cannot create new iNotes5 users using the 7.x Domino Administrator client.  IBM Lotus does  support upgrading existing users; we do not support creating new iNotes5 users on Domino 7.  
So in other words, we already know R5 is out to pasture in 4 more days, so let's move those old ones along and get the new breed installed
    for this posting

    On Monday, September 26th, 2005   by Chris Miller        

Error: Did not accept the new certificates because they were not issued after the current certificates

Well isn't this just the information one?  What certificate?  What is the date in question?  The user attempting to be recertified or the certifier itself?   After checking admin4.nsf and investigating the person record as well as certlog.nsf ; all became clear.

This error will get spit back by AdminP when the server date is set too far behind.  Someone in their brilliance was able to set the server clock to 2004
    for this posting

    On Friday, September 23rd, 2005   by Chris Miller        

I attended an IBM CommonStore session today, thoughts on it

It was a simple 2 hour presentation sponsored by an IBM BP who got their 5 minutes of talk and then the IBM Solutions Specialist took over.  In  the room was only about 8 people, 1 of which had Exchange.  The remainder was Domino.  The first hour and fifteen minutes was all about what it could do, some component slides, blah blah blah.  We asked a few questions as it went along, but waiting for the demo was the key.

Ok, so the first part of the demo was Outlook and Exchange.  He was using VMWare to show the servers and clients running all together.  I paid attention but that is not what you are here for.  We took a quick 5 minute break while he loaded the Domino VMWare to show us that.
  • Template modifications are necessary to add the necessary action buttons and menu items.  Not a big deal overall but he stated they stay about 6 months behind major Domino releases so nothing for 7 yet
  • You have the ability to grab just attachments or the whole body to archive off.  You can also specify certain parameters based on date/time/size of message/size of attachments/etc/etc to grab for archiving.
  • You have the choice to leave the small stub in your mailfile and then retrieve from there.  Or remove the stub and use the CommonStore interface to get it back.  This runs from a web browser over SSL (we were told and saw it looking for SSL requests in the background on a console)
  • New icons are used to designate that the message was moved to archive.  I took issue with the icon choice since in Domino 7, that same icon appears in the lower right of your client (between the access icon and IM component) to let you know that messages are signed or encrypted.
  • Signatures on all emails get broken since the document is opened, things deleted, lines added and then it is saved.  So you get the old error that document might have been modified or corrupted since last signed

I could go on for some time just explaining, but if you have an archive policy setting that works with some journaling of all or based on subject/sender then you have a lot of what this does.  Yes there are some features and benefits that revolve around compliancy.

Now another thing should be noted is that they push the idea of Single Copy Object Store heavily in numerous slides and conversation points.  We all know the old versions of SCOS in Domino were not the best, but they touted it like Domino cannot do ti either.  Interestingly enough it was pointed out that with archiving, journaling and SCOS in Domino you have all of what they have in databases that are still searchable.  In reality, unless you have some strict recoding/archiving needs (SEC, HIPPA, S/O) then all you are doing is pushing the mail onto yet another machine that needs backup, maintenance and management.  The product will hit mailboxes on most platforms, but only runs itself on Windows and AIX.  So all of you that invested in iSeries to get away from Windows, break out the old hardware and add tons of disk space.
    for this posting

    On Thursday, September 22nd, 2005   by Chris Miller        

Sametime cluster catch-up : the final day

It took a few days to get this out of me, but here we sit.  The cluster was built.  The legacy chat and meeting servers were still in existence also.  The next big tackle was making them all works together, that includes passing the authentication tokens around.  Apparently, Sametime tokens are like hot potatoes and no one wants to hold them.  The music stops and you have to leave the chat.

That might be a little strong.  It is more like the new kid at school being put in a locker and no key.  You have the option to choose LTPA only, or LTPA and tokens.  We had deselected the option to allow the tokens and even removed the stauths.nsf database as it was not needed for the secrets.  The database stautht.nsf should never be replicated as it contains server specific info.

I am about to leave you sitting here wondering if there will be a part 2 to the saga.  I am sure there will be.
    for this posting

    On Monday, August 29th, 2005   by Chris Miller        

Continuing the Sametime clustering catch up - Day 2

This time I was lucky enough to find 3 access points but all were WEP.  Bummer.  So this time I found a cool tiny Thai place for dinner.  The service was fantastic at Thai Basil.

But down to business.  I know part of the customer team reads this daily (however we know that the IBM'ers here do not and have no idea what they are missing right?) and are expecting a lot.  But I won't let too many secrets out.  In my eyes the basics of the cluster are a success.  There were modifications to be made to a class file that searched and modified the appearance of the Sametime home server when using LDAP.  But they also had some other customizations that we have to build back in.

Replacing the Home Sametime Server (HSS) is a main key of Community Clusters.  Proper DNS plays a major role in this since we are parsing the server name with the LDAP queries.  Integrating this new cluster with an existing Sametime chat server (during the migration time) and then the internal and external meeting configuration is all still to come.

We did somehow manage to make a Sametime admin client that only did Meeting Services.  How we got it, we don't know nor did we spend the time to work it out.  But it was blue (from the new Sametime FP1 for 6.5.1 changes. Yes, this means that IBM put a blue IBM banner at the top for branding above the normal yellow.  The only strange part was that the product title was called IBM Lotus Web Conferencing.  I wonder what happened to the Instant Messaging part of that title bar?  And now it goes back to Sametime.

I am definitely full from the Keang Keow Wan (Thai green curry with chicken, medium spicy) and a dessert that was recommended.  Fried bananas with mango and green tea ice cream.
    for this posting

    On Tuesday, August 23rd, 2005   by Chris Miller        

A day in the travels (and Sametime catch up from May)

I started the threads and posting back in May to a nice set of comments wanting to know the outcome and what the final solution was.  Well I shall unveil it to you this fine day in August.

The customer stuck with the F5 solution.  Testing went well over the past few moths and the actual server hardware arrived and got loaded with the operating system of Windows 2000.  The current plan is creating an exact duplicate of the single, existing Sametime server and moving that into the cluster architecture.  Which in turn, mirrors the test cluster we built in all the configurations.  Let me bring one point to the front that you should know and is verified in technotes.  Make sure you have a
loopback record in stconfig.nsf and the world may be at peace.  Not really, but with some proper planning, good budget, etc etc.

Ok, that is a bit strong as there is a myriad of patches and the recent FP1 to be applied to 6.5.1 of Sametime to start.  Interestingly enough, moving the database across that had transaction logging enabled threw a bit of a wrench in the works for a few minutes.  Some compact -t to remove that flag assisted.  We ended up with a corrupt NAB on one server for some unknown reason, but replacing that made the universe at harmony once again.

So how are we moving from the single server to the load balancer and having two new servers as a Community Cluster?  Sounds like you will have to wait until after the sauteed mushrooms, pesto basil pasta and tiramisu at my current location.

    for this posting

    On Monday, August 22nd, 2005   by Chris Miller        

Replication Topology 103 - End to End

Prerequisites are Replication Topology 101 (the basics) and 102 (peer to peer) before you hit this one.

From the beginning, I gave a scenario of how it looks
Basically data starts on one end, passes through multiple servers through replication and then comes right back.  Timing becomes and issue to make sure that data can make it all the way down and back before the next baton is passed.  Think of it as runners that pass the baton, and if one runner takes off too early, who knows where the baton is.

So I hopefully already broke you away from the idea of a meshed environment in class 101 due to the sheer number of connection records that are possible and messy management.

End to end offers it's own set of benefits and pitfalls, of course.  If you can imagine your science class from way back in elementary school.....where they gave you a stack of batteries and a bunch of light bulbs.  You were then told to light them all up.  The first thought is batteries, then wire to next bulb, then wire to next bulb and so on until they were all connected.  Well if one went out in that serial connection idea, then everyone behind them went out.  So the teacher taught you about parallel connectivity to get around it.  Which end to end does not do in the true form.  Any variation moves it towards circular or even tiered architecture (with a bizarre slope).

The benefit is that data passes along in a cycle, reducing replication conflicts.  Save conflicts are entirely different as people across the string could be editing the exact document on every server.  Timing, as I mentioned, also becomes and issue since it could run any amount of time to get the data back and forth.  If a server or network is down, the others will replicate as scheduled, yet that missing link in the middle brings the idea of timeliness to a screeching halt on each end.

The end result is a long line of servers, spread in the same room or geographically, that have a start and end point.  Sure, you can argue that every topology has a start and end point.  But with the proper hub cluster setup, only an individual spoke failure would affect any users.  In end to end design, there are too many holes along the way.
    for this posting

    On Tuesday, August 16th, 2005   by Chris Miller        

Lotus Technote #1212699 for DCC


The Dynamic Client Configuration (DCC) process is vital to several features of Lotus Notes and Lotus Domino 6.  This document will help Notes/Domino administrators find the information needed to better understand and troubleshoot this process.


What is Dynamic Client Configuration (DCC)?  
DCC is a Notes client process that synchronizes certain information between Notes clients and Domino servers.  The DCC executable, ndyncfg.exe, is located in the Notes client program directory.  

What does DCC do for me and my users?
It does a lot!  To begin with, DCC populates the Client Information section on the Administration tab of Person documents.  DCC is also required for the proper operation of certain AdminP processes such as "Move Mailfile" as well as new Notes/Domino 6.x features including Policies and Roaming Users.  So, if you encounter issues with any of these processes/features, remember to troubleshoot the DCC.

What triggers DCC to run?
Dynamic Client Configuration runs when the user authenticates with their home server, and either their Person document has been modified, or their assigned Desktop Policy has been modified since the last authentication.  DCC is designed as a push mechanism only from the server to the client.  The DCC updates settings on the user's workstation based on the current settings in the user's Person document and any Desktop Policies that are in place.  For example, if changes are made to a user's Person document, DCC will detect the changes when the user connects to the server, and then push the appropriate changes down to the client.  

How can you confirm that DCC is actually running?
By default, the DCC is installed with every client and runs daily at the first user authentication with the server.  When DCC executes it adds the following lines to an entry in the Miscellaneous Events view of the local LOG.NSF:

How would you know that DCC is not working?
An easy way is to look in the Domino Directory (NAMES.NSF).  There should be Client Information on the Administration tab of each Person document.  If that information is missing, or the information is there but not up to date, you may have some DCC failures.  Also, if your policies, especially your desktop policies seem to skip certain people, that could possibly indicate a DCC failure.  This also applies to roaming users and mailfile moves via AdminP.  For additional information, refer to the technote titled "Known Policy Issues with Dynamic Client Configuration" (#1137728).  If you have intermittent failures, you may need to troubleshoot DCC.

What could prevent DCC from working properly?
One common cause for DCC not working as expected is that it has been disabled.    Although DCC was available in Notes/Domino 5, it was not required for many features.  Therefore, users and/or administrators may have disabled it.  If you find that DCC is not running, here is what you should do:

  • Check the NOTES.INI on the user's workstation.  If the "DisableDynConfigClient=1" entry is present, remove that entry.  
  • Access the properties of the user's current Location document (e.g., select "Edit Current" on the Status bar, and then select File -> Document Properties).  On the Fields tab, look for the "AcceptUpdates" field.  If this value of this field is set to "0" (zero/zed), then you must enable DCC by performing the following steps:
1.  Open the current Location document.  
2.  Select Actions -> Advanced -> Set Update Flag
3.  When the prompt "Allow administrators to keep this location's settings up to date  with those settings on your mail server" appears, click "Yes".
4.  Save and Close.
  • If DCC still does not work after performing the steps mentioned above, you can remove the address book preferences in the user's personal address book (i.e., the client copy of the names.nsf),as follows:
1.  Open the user's personal address book.
2.  Select Actions -> Remove Address Book Preferences.

What do Address Book Preferences have to do with DCC?  
Good question.  When you select the option to "Remove Address Book Preferences", you are actually removing the directory profile document (directoryprofile), which contains something called $DynInfoCache.  With this document deleted, the cache will be completely rebuilt when the user re-authenticates with their home server .  Note that, the user will need to re-set certain items if they have customized the preferences of their personal address book (e.g., the group sort order, the format of contacts, and the address format).

Are there any known issues related to DCC?  
There can be, but as of Notes 6.5.4, most known issues have been fixed.  However, since you may be running earlier versions of Notes 6.x, here are some issues you may encounter:
  • The IBM Lotus Sametime server field (Location document -> Server tab) does not populate properly.  For the details on this known issue as well as the workaround, refer to the technote "Dynamic Client Config Does not Update Sametime Server in Location Doc" (#1156427).  Note: This issue is fixed in Notes version 6.5.4 and in the Cumulative Client Hotfixes for Notes 6.0.4/6.5.2 and 6.5.3.  
  • Two specific issues about DCC not updating Location documents, one that involves Notes clients running on a Macintosh, are discussed in technote "Dynamic Client Configuration Does not Update Location Documents" (#1137646).
  • For descriptions of other common issues with the DCC in previous versions, refer to technote titled "Known Policy Issues with Dynamic Client Configuration" (#1137728).

    for this posting

    On Sunday, August 7th, 2005   by Chris Miller        

All my postings on DCC seemed to have hit home

DCC (dynamic client configuration or ndyncfg.exe) still is one of the top searches on my blog and from Google.  I know that the series I did on it (and talked about again back in Jun 2005) struck a mark with Lotus.  I was happy, and dismayed, that they put a whole technote together on the topic last week.  Look up technote #1212699 on the Lotus Support Site if you desire.  Or just search on here.  I will toss it out here in an unlisted homepage entry for searching purposes.
    for this posting

    On Sunday, August 7th, 2005   by Chris Miller        

Replication Topology 102 - Peer to Peer (Meshed) exposed

Prerequisite: You must have completed Replication Topology 101 - the basics (which was done in July)  before completing this course.

Sorry for the delay, but other posts were taking precedence. So let's get right to it.

One of the dilemmas when building out the infrastructure is how to start the replication topology after you break away from just one server. Let us not debate why someone does not have a cluster, just live with the fact that plenty of sites out there still have a single server.  When there is two servers, it should be obvious.  One calls the other and it is done.  Add a third to the mix and decision making seems to evaporate faster than spilled drinks in Las Vegas right now.  For some reason, some admins find it necessary to create a replication connection from one to every other server over and over (Please note the spaghetti reference from class 101).  Instead of planning a hub architecture right from that point, the confusion begins.

The good part of this topology is that there is no dependence on a hub server in case of failure.  If you have 3 servers with all these connections, and one fails, 66% are then still in sync waiting for the third to come back on-line.  Awesome idea.  You do not eliminate everyone having current data with a failure.

Yet, most admins want the data to replicate every few minutes all day long.  Amazingly at the same exact start and end times with the same interval in each connection document.  This leads into two things:
  1. Large possibility of replication/save conflicts as data access and updates take place.  If this application needs that much replication, you can bet it is getting updated regularly and by numerous people.
  2. This is like the 1¢ slots, you play those, soon the 5¢, then 25¢, then 1$.  Soon you are betting large on the roulette table that you make document 1 get to server C cleanly and in some timely fashion.

SO what does all this get us.  Peer to peer almost works for two servers, yet calling each other back to back doesn't really make sense.  So start thinking about which should be the hub and plan accordingly.
    for this posting

    On Monday, August 1st, 2005   by Chris Miller        

I got Plazes working on the blog

I love this little tool, makes tracking and location updates so much easier.  Let's see if it messes up the alignment on the table sections too much though.  Ed got me looking at it and I liked the idea.
    for this posting

    On Wednesday, July 27th, 2005   by Chris Miller        

My Advisor2005 presentation files

Here is a zip file of the three presentation files with all the updates.  Let me know of any questions!!

Comments Disabled

Two Domino 7 Beta 4 issues I encountered

The first issue was during the server upgrade from Beta 3, the Windows service vanished.  Just poof, gone.  Of course I went into a command prompt window and did ntsvinst -c  to get it back.  After some reading on the beta forum, it was noted that...
... it was expected to be fixed in Beta4 but unfortunately it didn't get into this build.  It has been categorised as a 7.0 ship stopper so it should be fixed prior to GA.

The second issue was after upgrading the client form beta 3 to beta 4.  I was getting an error on the Welcome Page.  The client would still open, you just had to get past the error.  It then gave a gray area on the Welcome Page but rendered the rest of the information correctly.
Formula Must Evaluate to Text

I heard back directly from some of the wonderful folks at Lotus stating that they thought this had been fixed.  So they gave a fix that involved either replacing bookmark.nsf with the new one they put in the forum, or following a set of instructions they provided.  Here it is for anyone that needs it.  Thanks to Debbie for getting it to me so quick.
Open bookmark.nsf in designer
Go to the Views
Click on the view called (Downloads) and click Design - Preview In Notes

You will most likely see two $branding documents there.

If you do, go to the "multiple $branding documents" section below.

If instead you see two documents with the exact title of $branding4AA10721D4DE2AFF85256D4F003B84B4  go to "multiple $branding+UNID documents" section below.

multiple $branding documents
Look at the far-right column for the UNID's of the $branding documents.
Select the $branding document that does NOT have a UNID that starts with "3493F249..."
Press DEL (ignore error message)
Press F9 key so that the $branding document is permanently deleted from the database
Close the view
Close Notes and reopen.
The "Formula must evaluate to text" error should not appear.

multiple $branding+UNID documents
If you see two documents with the title of "$branding4AA10721D4DE2AFF85256D4F003B84B4"  
Look at the far-right column for the UNID's of these documents
Select the document that does NOT have a UNID of "3887F989A309670F85256F97004F"
Press DEL (ignore error message)
Press F9 key so that the $branding document is permanently deleted from the database
Close the view
Close Notes and reopen.
The "Formula must evaluate to text" error should not appear.

    for this posting

    On Wednesday, July 20th, 2005   by Chris Miller        

Since I have a lot of cell phone junkies that read my blog, a study on radiation per phone

Just a quick link.  This hit home when I realized that I live my life on my cell while on the road.  But, I wear a headset about 90% of the time which greatly reduces these numbers.

Cell Phone Radiation Chart
    for this posting

    On Monday, July 18th, 2005   by Chris Miller        

Replication Topology 101 - the basics

Recently this has become a point of, well not frustration, but amazement.  I think I finally got ahold of the answer today though.  When admins are new in a small environment, they don't always get the training they need on how to grow the domain.  So they do what they know best, just go and make it work.  Unfortunately, once your domain starts growing too fast and large, the lack of the basic training becomes the Achilles heel.  So I took it upon myself to right the wrong by throwing this little primer out there.  Oh, there will be some to follow.  This is to get the feet wet of those that need it.

There are a few options of topology design when you have multiple servers in a Domino domain.  You can classify the architecture in a few different ways:
  • Hub & Spoke - A typical design where a central server pushes and controls changes to all the servers around it.  You update one central source and everyone gets happy eventually.  But, if there are too many spokes, you can have times where the hub cannot reach all the servers during a cycle.  So you moved to the next couple ways.  The other downside relies on one central server for all updates.  If the hub dies, so does the topology.
  • Multiple Hub & Spoke - Here there is more than one hub, possibly even in a cluster, that handles the updates to their own sets of spokes.  This allows redundancy for the centralized architecture and lets the servers make the rounds updating the spokes.  This works well in a good LAN speed environment.  The downside, not too many if the central hubs are in a cluster.  That way data can pass across spokes fairly quickly on opposite sides.  If there is no cluster, see above.
  • Tiered (Binary Tree) - Taking the hub and spoke idea a bit different, a central servers updates two or a few servers.  Those servers update two or more each and so on down the pyramid.  This works well if you have some good network connections to a few servers and then those have some decent speed to downstream servers without the top having that speed access.  Otherwise you could go back to hub and spoke.  The downside is that in a large tiered environment, it can take some time for a change to go up and down the tree if they do not share a parent server all the way to the top.  I have seen some tiers that cross somewhere in the middle to alleviate that and leave the top server for administration and NAB master.
  • Ring  - Simple enough, servers call each other in a circle updating, adding and deleting as it goes.  The downside relies on a large ring where it can take some time to get all the way around.  Also, if one server in the ring goes down, so goes the cycle.
  • End-to-End -  Basically data starts on one end, passes through multiple servers through replication and then comes right back.  Timing becomes and issue to make sure that data can make it all the way down and back before the next baton is passed.  Think of it as runners that pass the baton, and if one runner takes off too early, who knows where the baton is.
  • Meshed (or Peer-to-Peer) - This is basically random servers that call other random servers.  It is all made with some reason when laid out, but you are never quite sure how or when data is getting to somewhere else.  It just shows up.
  • Spaghetti - This is the last result and the most frustrating.  Admins just create connection records form one to all the others, over and over again.  For each server in the domain.  Replication conflicts occur, the servers have no idea who owns the database, and design changes fly everywhere.  I usually encounter this when doing audits of domains where they keep patching and adding band-aids instead of fixing the real issue.  No topology design.

So there we are.  We can now mentally picture multiple types of topology right?  But the path of decisions is yet to come.

    for this posting

    On Thursday, July 14th, 2005   by Chris Miller        

Who makes the policies around there?

I just happened to catch this article through RSS.  It was written by Michael Osterman of Osterman Research.  With the data he gathers I always try and peek at some of his summaries.

I actually present some of my thoughts in my sessions around IM and mail management and policies.  Most enterprises have some form of Internet (browser) usage policy in place that the employee signs when getting hired.  Most of those seem to be done in combination of HR, for harassment issues,  IT for technical and virus type issues and finally someone concerned about legal reasons to restrict content.

The availability of email policies if very light.  Most only consist of notifying the employee that the email system is the company property and not to use email to transmit personal email (yeah right) and confidential emails.

IM policies seem to mainly be nonexistent everytime I ask the question.  Surprisingly they only know they are told to standardize and block consumer products  But nothing else.  The problem fits your article well.  No one wants to step up to the plate and restrict what is becoming a mission critical application.  No one group wants to take the blame, or downfall or making a policy for IM usage that does not fit every department.  Plus, there seems to be plenty of people that needs exceptions to the rules.  ie: Sales for outside contacts (who can find the SIP/SIMPLE standard that actually works across two different products all the way?)

OK, that was starting to turn soapbox, let me stop.  Do you have all the necessary policies in place?
    for this posting

    On Wednesday, July 6th, 2005   by Chris Miller        

A secondary lesson in SIP

So to make this simple and grab a great image from the Lotus whitepaper I tracked down from Mar 04, a brief part on how SIP works in visual description.  Alice makes the subscription to know about Bob's status (no, not like a dating service).  When the status changes for Bob in any way, the server notifies Alice.  Quite simple right?

Image:A secondary lesson in SIP

SIP uses the Uniform Resource Identifier (URI) as an assignable tag for the reason of subscription and notification.  In this case the URI would be Bob's email address.  You can think of your phone as a URI since it identifies only your house or cell phone.

Once cool thing about SIP is that any user can register numerous devices to be assigned and then (with technology) each device can be tried at once or in order.  The phone company does this now when you call a main phone number which then rings your cell and then a pager if necessary.
    for this posting

    On Thursday, June 30th, 2005   by Chris Miller        

Did you suffer through the Blackberry service outages?

We support Blackberry's here for customers and luckily did not have much effect from the outages but know of those that did.
The Canadian company said a second North American outage on Wednesday was the result of an unrelated "hardware failure." A RIM statement said a "back-up system functioned with lower capacity than expected and the lower capacity then caused latency in message delivery for some customers."

RIM declined to elaborate on the number of customers affected or the nature of the software and hardware involved in the two incidents. The company also seemed to dispute the magnitude and length of last week's disruption.

Cellular carriers Cingular Wireless and T-Mobile said on June 17 that service for all of their BlackBerry users--at least 1 million people, but probably many more--was down nationwide nearly four hours.

Has Blackberry implementations become a required commodity at your enterprise like the phone and IM are?  Is their major upheaval with this kind of outage or do people get along fine without the Blackberry for short amounts of time?
    for this posting

    On Tuesday, June 28th, 2005   by Chris Miller        

Microsoft says "Write down your passwords" ?

Need I say more?
Companies should not ban employees from writing down their passwords because such bans force people to use the same weak term on many systems, according to a Microsoft security guru.

Speaking on the opening day of a conference hosted by Australia's national Computer Emergency Response Team, or AusCERT, Microsoft's Jesper Johansson said that the security industry has been giving out the wrong advice to users by telling them not to write down their passwords. Johansson is senior program manager for security policy at Microsoft.

Now where did I put that piece of paper I wrote the certifier all my password(s) on?

    for this posting

    On Monday, June 6th, 2005   by Chris Miller        

A LDAP issue that many can learn from

Imagine if you will......
 a Domino environment running for some time under R4 into R5.  They aggregated a while ago into the Domino Directory for LDAP (as well they should right?) and all was well.  They were point to attributes, pulling information, authenticating.

Then the upgrade to Domino 6.  Some authentication and lookups stop functioning.  The schema database was recreated properly.  Some applications still work great.  Yet some lookups are failing now from some other systems.  Binding works fine and all use the same account to bind.  What oh what could it be?

In Domino R5, the LDAP attribute Shortname was set by default.  It mapped to the field "Shortname" in the Person document.  However, in Domino 6.x this attribute does not exist.


Both Shortname and UID map to the field "Shortname".  In Domino 6.x, the attribute Shortname was removed as this was redundant.

It is possible, however, to add the attribute with the following steps:

1.  In the Domino Directory create a Configuration document set to be used as the default settings for all servers (on the Basics tab).
2.  On the LDAP tab, in edit mode, click the "Select Attribute Types" button.
3.  In the drop-down box "Object Classes" select dominoPerson.
4.  Click "New", type Shortname in the New Field window and click OK.
5.  Click OK for the LDAP Attribute Type Selection window.
6.  Save the Configuration document and restart your server.

Supporting Information:
NOTE:  The above information applies only to anonymous searches; this does not actually add the attribute back for LDAP.

The document titled "LDAP Queries On "Shortname" Fail To Return Results" (#1160538) describes how to put the shortname back in the schema, and so would then work for authenticated searches.  Both steps must be performed for authenticated and anonymous searches.

    for this posting

    On Thursday, June 2nd, 2005   by Chris Miller        

Well it is going, think I

Ok so we saw Star Wars last night at the midnight show and everyone is still talking like Yoda.  Luckily that did not fall over into my first session.  Carl Tyler and myself are playing tag team on instant messaging and web conferencing today to a full house.

Here is the one tip that made it into a new slide yet no the actual cd's that went out to attendees.  You can troubleshooting the integrated Notes client connectivity for Sametime by using a notes.ini parameter.

The Notes client must be restarted but it provides some useful information on connectivity and some buddylist issues.
    for this posting

    On Thursday, May 19th, 2005   by Chris Miller        

Sametime cluster, what names have to match?

Really this one is quite simple.  A cluster name is a placeholder for Sametime as well as Domino.  The Domino server and physical server name do not have to match.  Neither does the Sametime cluster and anything else.

Carl always says it best.  If you do not understand that FQDN matters in Sametime, then don't load Sametime.   Of course, I am paraphrasing there, but it is so true.  A Sametime cluster name does not get referenced except internally inside the server in stconfig.nsf.  You will use a virtual DNS entry for the cluster through some sort of load balancer.  A Domino cluster is for the clients and servers to find and talk to each other only.

I found that having some form of similar name matching for Domino clusters worked wonders to identify where the Sametime cluster resides.  Now is a Domino cluster required?  I would say that for vpuserinfo.nsf it is of course required.  How else would buddylist changes get pushed across.  If you are using LDAP then the directory is of no immediate importance so you are pointing to the same clustered source.  Admin4 won't process much since there are no name changes on the servers directly.

There you have it.  Then again my mind is like butter as I prepare for this week so I know that sounded (read) like a bit of ramble.
    for this posting

    On Monday, May 16th, 2005   by Chris Miller        

Sametime apologized and submitted

After a nice day of getting everything working, a quick dinner at O'Connor's Beef & Chowder House.  Yes they have fine corn and crab chowder tonight in huge portions (eating as I type).  I don't do the beef thing but the salmon and chicken choices look great.

Blogger's note to his faithful readers:
So I wrote a bit more below but on third reading edited some. I thought that heck, here is a quite a bit of a guide the past few days to get you rolling, but just hire me to do that darn thing for you instead :-)  It might be my hunger thinking that right now, or small amounts of greed. Bwa ha ha ha ha!!!  But either way I loved the experience of doing it again at a customer site since we already do this on our hosted side and have the steps down to a nice science.  Anyone upset over that?  Forgive me in advance if so

Ok, down to business.  Carl was right in saying that the client chose the F5 hardware based solution for load balancing.  We have it set to load balance some ports and let the servers talk to themselves behind it on others as necessary.  Server 2 had a hard time understanding it was to really run Sametime, so it spent a lot of time overnight on the naughty mat as I stated and for punishment got reloaded today.

So chat fails over from the Java and Sametime Connect client.  The Notes client does not have that ability in the current releases, but that is on the list for later ones.  Instant Meetings are a whole other posting that needs to be done with some sort of Matrix that only the Swedish Chef from the Muppets could understand.

One key thing when setting up Community Clusters, do not forget to work with and choose if you wants Secrets & Tokens or SSO.  Don't try and be fancy and do both.  Domino has hard enough time, then layer Sametime and it's ability for S&T and you get a deadly mix.  Yes it does write to the notes.ini when making this change but playing with that isn't the route to go.  You should sneak and see my session on notes.ini deciphering at Admin2005 for that.

One other side tip, we learned another important lesson.  Sametime debug parameters rely heavily on ] and not on } now don't they?
    for this posting

    On Wednesday, May 11th, 2005   by Chris Miller        

Sametime clustering and the bad bad server put on the ’naughty mat’

So to catch up on progress, the community chat cluster works great behind the hardware based load balancer.  When one server is taken down (for testing), the Sametime client drops and moves to a connecting status.  Within a minute (it was at 30 seconds in our testing) the client reconnects to the clustered chat server.  Magic at it's finest.  So as long as the load balancer is working, people can chat to their heart's content.

Now instant meetings are started on the home server (or the one connected to in a cluster) so if that server dies, then you lose that meeting when you fail over.  Now this is where one server became a very very bad server.  One of them decided that it would not start a meeting no matter how hard we begged.  So a quick rebuild tomorrow and we will test that last piece.  I have one remaining question. If I am on the server that stays up as the owner of the instant meeting and the other participant was connected to the server that dies, will they stay in the instant meeting and reconnect for chat?  Oh those begging questions to be answered.

Anyone want me to run through the steps of how to cluster two Sametime chat servers?
    for this posting

    On Tuesday, May 10th, 2005   by Chris Miller        

Sametime clustering, two left feet and no toes

I have the pleasure of working with a large-scale Domino deployment that also uses Sametime.  Now they are quite possibly the largest Java Connect deployment i have heard of, anywhere.  Without going into any issues they have fought and overcome (and the ones still left), the goal here is to build a chat cluster, leaving the Meeting Server for later.

After some brief time of just getting to know more particulars about their Sametime environment, we got right into it.  Look for some tips as we move along the next couple days.  For starters, most of you already know how important DNS is to Sametime.  It becomes even more important as you deploy some sort of load balancer.  Note I said load balancer and not round-robin DNS entries.  There is no heartbeat or knowledge of a server being down in that approach and ultimately, the scaling and deployment will fail miserably.  So they were well prepared with a hardware load balancer solution in place.  But, due to DNS update times, we got most of the cluster built, documents created and servers ready and had to wait till tomorrow for a move of some DNS names.

I will cover the document building in the next post, my Chimichanga is here.
    for this posting

    On Monday, May 9th, 2005   by Chris Miller        

SSL session resumption (who knew, I didn’t)

Playing around with a client that wants absolutely everything over SSL for web browsers.  I had no idea this little gem existed
SSL session resumption greatly improves performance when using SSL by recalling information from a previous successful SSL session negotiation to bypass the most computationally intensive parts of the SSL session key negotiation. HTTP is the protocol that benefits the most from SSL session resumption, but other Internet protocols may benefit as well.
By default, the server caches information from the 50 most recently negotiated sessions. This number can be modified by setting the variable SSL_RESUMABLE_SESSIONS in the NOTES.INI file.  Increasing that number may improve performance on servers that tend to carry large numbers of concurrent SSL sessions.

SSL session resumption can be disabled by setting SSL_RESUMABLE_SESSIONS=1 on the server.

SSL_RESUMABLE_SESSIONS has no effect on the Notes client. The Notes client will cache the most recent SSL session.

Note  You cannot configure SSL sessions to time out and expire.

Let's give it a shot and see if the results are of benefit, will let you know

    for this posting

    On Wednesday, April 27th, 2005   by Chris Miller        

Perimeter Email Security, who has it?

I have found I read and get to play with technology a lot here.  Well the theory (and a recent read from Messaging News) on Perimeter Email Security Appliances caught my eye.  Instead of just tossing mail over the fence into the company and then tossing things back out, the appliance is to watch the behavior of traffic as well.  Not just spam and virus, but learning from the amount at one time as well as source.  For example:
  • If a lot of mail is coming in for non-legitimate addresses, then it can be directory harvesting or even a DoS attack
  • If mail is going to large groups at one time, and not from an internal or approved course, it would be tagged as spam if from a single source
  • Mail flowing between people in the organization can be checked as well
This last bullet is interesting because it means pushing external mail out to the DMZ area for the perimeter device.  While it is great that all the functions of cleaning, scouring and quarantining mail is done by dedicated devices, having internal confidential mail run to the DMZ makes for an architecture headache.  This is one part to investigate before randomly deploying such an appliance.

Plus, if the mail is encrypted (Notes), then how would many of these appliances even read the message to begin with?  There is no ability to track content then.  Then how do the users manage retrieving the mail that has been quarantined by the appliance?  What interface is available?  Do administrators have to do this manually? How are the signature and content files updated?  What is the support for blacklists, whitelists and even SPF or Domain Keys?  Just things to think about.
    for this posting

    On Tuesday, April 26th, 2005   by Chris Miller        

BlowSearch Secure Messenger (like Trillian with encryption)

I came across a small article on BlowSearch, which is a metasearch engine, that mentioned it multiple IM service client.  As we know I take great interest in that.  So I read up on it and thought you might find it interesting.  I am thinking about testing it some.
  • Strong industry leading security. Up to an unmatched 4,096 bit encryption technology.
  • Extensive privacy settings and block list abilities.
  • Create private conference rooms.
  • Integrated web search technology from BlowSearch.
  • Customizable sounds and notifications.
  • Full message logging capabilities including export of conversations.
  • File transfer capabilities between users.
  • User profiles, public or private. You control your information.
  • Chat rooms galore. All categories with admin capabilities.
  • Tabbed interface allows for easy access to launching desktop applications.
  • Updated scrolling news and information.
That was a general list with the most important being the encryption.  If both sides are using their BSM client, then each message is secured in the following manner
Blowsearch Secured Messenger utilizes the OpenSSL library to provide encryption routines for your Instant Messages. We use a combination of randomly selected schemes and bit lengths, ranging up to 4096 bits, with additional algorithms added in to make your messages even more secure. We start with an RSA foundation and move out from there.

So I am downloading and playing with it some.  Anyone want to test?
    for this posting

    On Friday, April 22nd, 2005   by Chris Miller        

Follow-up on Sametime, tunneling and two NIC’s

I originally posted this on March 17th, and got the first part working successfully.  Clients on the outside are easily able to connect either tunneling or direct depending on their ability from the outside.  Unfortunately there was another catch were weren't so bright about.  If you happen to use the Sametime server in tunneling mode and NAT (Network Address Translation) to the outside world, and then for good measure decide to toss a second NIC card into the mix, well lots of things can break.
  • If you leave the second NIC enabled then it will start trying to grab that NIC as the bind and tunneling and whiteboarding starts to fail
  • If you disable the second NIC and run enterprise backups across it (as most companies will), then you screw yourself there
  • If you move a NIC out of the NAT into a DMZ or other area, you expose the server
  • If you chant loudly "Sametime rules the planet and LCS is a spawn of Satan" nothing happens but you feel better about your decision to use Sametime

Ok, I am kidding about the third, I mean last one.  Needless to say I need everything to work together.  Backups, two NIC's and Sametime with tunneling.  By the way, yes Lotus pushed out a technote under #1088421  Link
    for this posting

    On Friday, April 15th, 2005   by Chris Miller        

Question from my 6.5.4 upgrade post

Sean Burgess posted a question you can see right here.  To answer, we do not have that many local applications.  We try to centralize everything as best we can on the servers and eliminate those very needs.  I understand the pain of local synchronization.  We actually moved to a server-based Cadenza solution, with the wireless access, to remove that very issue.  People were wanting all sorts of different solutions for different devices and we made a decision to support a wide number through this package.

Application support in most companies is already a nightmare, but having a mix of local applications make it far worse.
    for this posting

    On Tuesday, April 12th, 2005   by Chris Miller        

Upgraded to 6.5.4

I managed to sneak on some time to upgrade a few servers to 6.5.4 since it just came out.  It was pretty seamless for both the server and client so far.  No problems, issues or crashes.  I am eager to see the Domino Web Access improvements.

Ed has prompted us on the security patches, which is always an important reason for the upgrade.  I will keep you up to date as I finalize the cluster upgrade and all the clients through Smart Upgrade
    for this posting

    On Friday, April 8th, 2005   by Chris Miller        

Server mail rules and some of my opinions

I talk quite a bit about server rules in my Admin conference sessions on SMTP and mail routing.  However, I realized I do not do that here as much.  Rules to me can be very powerful, but also a hindrance if not managed or implemented properly.  Let's talk about a couple of the hindrances
  • No categorization - meaning there is no description area or ability to group them together from a drop-down list.  Maybe that list comes pre-built from Lotus or maybe it is open so you can add your own as you go along.
  • No sorting - this follows right behind categories as there is no way to sort the rules in the server or email file.  How are you to find any certain rule if you have to scroll and hunt.
  • Order in embedded view is only shown as the order the rules are applied to the message.  This goes to sorting
  • You cannot use special characters - Now I am not implying that every character should be used.  But if you ever tried to be creative and use a "\" and perform some rudimentary sorting you were in for a surprise.  Everything after the slash is ignored.  So yes it looks nice, but the rule is then not applied properly to any mail message.  This also removes the possibility of wildcards.
  • The amount of rules in mailfiles should be decreased.  Finding the appropriate rule in a list of 100 becomes unreasonable.  Compounded with the current issue of some rules staying active after deletion makes finding them to help users a long trek.

So yes, there is some good things.  The ability to sort mail on the fly is awesome for mail management.  The ability to have numerous strings of AND/OR makes adding exceptions to rules easy.  (yes mail can get lost in the matrix if you do not understand all your rules)

So there is some quick thoughts!  Any of your own

Comments Disabled

My recent experience with Sametime tunneling, firewalls and ports

With Sametime being the tricky beast that it can be for networks, it is no surprise that I should be posting some thoughts on tunneling setups.  I did bounce some quick ideas off of Carl, to verify my days of work were for naught.  Basically we have a customer that wanted a tunneled Sametime server behind our firewalls, that also accepted direct connections if the client could do so.

First we ran into the Sametime server binding to the wrong NIC card.  This was causing the MUX to act like a person in the mall that forgot where they parked the car.  They knew it was in the garage somewhere, but were busy looking on level 2 instead of level 1.  This lead to it thinking the port was stolen.  Much like a person would think  their car was also.  The solution for now was to disable that second NIC card.  The sametime.log file then showed that the MUX was binding to the right IP address and NIC card.  Then that card is NAT to the Internet .

This is where the firewall comes into play.  So what we are looking for as the final result is that the MRC (meeting room client) of Sametime will download to the meeting attendee and try the standard ports to access the Sametime server for the meeting.  If those ports are not available through their network, or we are preventing them from getting in via the firewall, then the MRC should try port 80 for a tunneled connection.  However this is where you can have awesome success or some failure.  So here is where it stands on how to do it.

Install your 6.5.1 server as tunneled, if you did not you can always make the changes manually.  Quite simply too.  Then open the firewall for ports 80, 8081, 554 and 1533.  This will allow tunneling and also attempts at direct connect for screen sharing, whiteboarding, chat and broadcast meetings.  This has nothing to do with audio/video tunneling.  That is a whole other topic.

Make sense?
    for this posting

    On Thursday, March 17th, 2005   by Chris Miller        

The MUX that can’t (Sametime for all of you others)

We started having an issue on one of our customer's hosted Sametime servers where during the day, at seemingly random times, the MUX service would just die and goa way.  Only to return a short time later when it restarted itself.  Now there is a NSD outfile for the MUX service that shows it is notes a Notes service.  That is awfully confusing when it is a Sametime service that runs on Notes.  So I can see where it gets confused.  The server is also tunneled and was trying to assume the IP address of the internal NIC card that we use for the backup network.  Instead of the external NIC that is NAT to the Internet.

Unfortunately the only technote that is close, and describes the problem almost exactly, has no fix.  The almost exactly part states that you get MUX exception errors in the Windows Event Viewer only when the service terminates normally.  So basically, don't worry about it.  But I am getting the exact error, on the exact operating system version while the server is running and not shutting down.  Still the answer is quite simple:
This issue has been reported to Quality Engineering.

UGH!   Updates on the solution as they come in.
    for this posting

    On Wednesday, March 9th, 2005   by Chris Miller        

Server cluster and availability indexes

OK, this used to make sense and actually have some value.  But right now it seems to be working against me in 6.5.3 at a customer site.  Now we have to include the expansion factor into the equation.  These two together only measure the response time, the client could see more.  So how is it beneficial?  So they are saying the indexes help decide which server for load, but the client could see worse.  Well I was seeing both of the indexes go up and down like stocks before and after a merger.

You can adjust the indexes and expansion factor as you wish, but they were not high enough to begin with.  So we started that morning with an unstable 6.5.1 server cluster, with availability somewhere in the 40/14 range with the 40 being the internal server.  After the upgrade to 6.5.3 we saw the availability jump to 75/30 on normal load.  This tells me there was some improvements along the way in stability and scaling.  Yes, they do use iNotes very sparingly on the outside server.  Most load is the clients accessing mail and applications.

What is the point to all this?  Well the expansion factor stayed low on the outside server, around 7-8 but jumped to as high as 60 when it was the only server and we were upgrading the internal one.

My guess is that the outside server was sending traffic randomly between the internal NIC and external NIC to talk to the same server.  But wait, you say!  Chris, you said one was internal and one was external. Due to their architecture, you can get to the outside server from inside to let them have some sort of cluster.  But, since the connection records use DNS, it reads the external IP address and tries to go out through the proxy and Internet to connect to the server.  The organization does not run internal DNS and relies on the ISP.

I verified they did not have any ini parameters to adjust the availability and help regulate load.  They did not and were allowing Domino to decide the factor on the fly for them at each polling. To make this shorter, we decided to let it sit this weekend and get a better range of availability with a couple days of usage instead of relying on the few hours after the upgrades.

More on Monday or Tuesday on this topic then.
    for this posting

    On Saturday, February 26th, 2005   by Chris Miller        

Update on my travels the last two workdays

So faithful reader, where has Chris been last Thur and Fri that he vanished from all reasonable postings?  Well I was scooped up, hooded, spun three times and placed in the back of a black truck before being whisked to a government facility.  Ok. part of that is true.

We were called in last minute to help scale a LearningSpace infrastructure.  The website itself will be public, but where we had to go was not.  It is amazing the security precautions and what you go through to even move a server from build-up to production.  At least three different groups are involved in that activity and once that server leaves the build-up, odds are (if it stays running) you will never see it again except through a remote console.

So let's move into the tech side since I can't say any more detail about the above.  It was a simple tiered architecture without much redundancy.  The real issue was the number of concurrent users they get now and what is expected by Aug.  There was no way that they could handle the load.  We ended up taking the 3 server environment to 7 total with some hardware load balancers.  All this was architected, installed, configured and ready for production in two days.  The site will actually go live on their scheduled outage time of Tue nights though.

The end result was a LearningSpace 5 environment behind a few firewalls, a load balancer, then 4 core servers, 2 content servers and some back-end database servers to provide the redundancy and scaling needed to reach their concurrency goal.  I would love to give the nitty-gritty details like usual but just be happy and pleased with that.  But no, they are not using LDAP so there is no tech info there.
    for this posting

    On Monday, February 21st, 2005   by Chris Miller        

An update on DWA issue two days ago from a reader

Stephan Wissel came forward with a comment on how they handle the issue of local address books.  I thought it was interesting and deserved some discussion.
Hi Chris,
since R6 it is official that the users names.nsf can live on a server (a.k.a. Roaming profile - We did that for backup since R4). With a little scripting help we do:
a) synchronize the users NAB with the Names in the mailfile automatically (user doesn't even know that they would need to do so)
b) Filter out the names from the public NAB. Here we tried two strategies: either remove them from the users NAB (which p***d some users off) or exclude them from the sync with the mail file.
:-) stw

So he is saying with the roaming feature enabled in Domino 6, they are pushing names to the mailfile in the background with scripting or filtering out public address names.  I fully agree with the second choice for a couple reasons:
  1. If the user is utilizing Domino Web Access (DWA) then why would they need the public addresses in the personal address book?  The server has that directory as an option.  Sure, we could go so far as to say DOLS, but why not then give them the public directory in DOLS also?  Makes sense to me.
  2. If you filter the names from the public NAB and then push a mobile directory catalog for users requiring it, you guarantee updated names, addresses and encryption keys for all users.  Plus doing this on the server side (could be a strictly roaming server for scaling reasons) would take the user end scripting out of the picture also.  A nightly scan could be done.  Once again some would say they store possible personal or additional information in the local listing for another employee that you would not want or shown in the public listing.  So let's just make the filter match the public listing and even match the public key.  All would be satisfied that way.

I guess where we are heading in all this is the option to guarantee that addressing will not fail and there will not be those weird names when addressing from the web in DWA.
    for this posting

    On Thursday, February 17th, 2005   by Chris Miller        

Addressing and local NAB in Domino Web Access

Just a little tidbit trick we picked up today.  It seems that users like to copy entries from the public directory into their local NAB and then sync with DWA, or worse yet create their own entries for people inside their company into their address books.  This causes a nice duplication to show when you are attempting to send an email from DWA with two choices for the person.

Of course we (as administrators) expect this behavior.  But the way the name shows really throws users off  Here is a screenshot, and yes it was blurred some but you get the idea.  I didn't want the names out there for gosh sakes.

Image:Addressing and local NAB in Domino Web Access

As you see, the yellow part says more than one entry was found for the name and the white part shows both the way the user would see it from Domino and then one that almost looks like LDAP.  This server has no Directory Assistance or Directory Catalog in place.  So through testing and troubleshooting using our own mailfiles, if you had an entry that did not exactly match the server NAB, then this pop-up would show.  If they did match, the mail would address as normal and off it went.  So no more typing in names in your personal NAB of people from the Domino Directory folks!
    for this posting

    On Tuesday, February 15th, 2005   by Chris Miller        

Came across this while teaching the Sametime class

I am teaching the Sametime Admin class at a LAEC yesterday and today. There have been speedbumps and potholes all along the way during the first day.  The course material is still 3.x while we are teaching 6.5.1.  But most of the issues arise over misconfigured DNS or host name entries in the server documents.

Well we came across an issue where the checkbox to enable Instant Messaging could not be found in the Domino Web Access preferences.  I know it should be there, and the users had a Sametime server specified in their person records.  I was dumbfounded that it wasn't there for some reason.  So I broke out the laptop to do a quick search of the Knowledgebase.  The new IBM support for Lotus really bites and sometimes it seems you cannot even find technotes with the darn number in the first place.  So here is the exact reason (technote #1190873) that is was not showing, matching down to the version.  Who knew they made this little gem of a change?  Quite frustrating when a point release makes a change like this for some reason.


In Domino Web Access (iNotes Web Access) 6.5.3 or above, you want to use the Instant Messaging feature.  The Help documentation states to do this you must enable Instant Messaging via Preferences > Other > Enable Instant Messaging.  However, when you navigate to this area the "Enable Instant Messaging" option is not there.  This option is definitely available in previous releases of Domino Web Access 6.5x.


This is working as designed starting in Domino Web Access (DWA) release 6.5.3.  An enhancement request was made in DWA 6.5.1 to hide this "Enable Instant Messaging" option in the user preferences if the DWA server is not configured for Instant Messaging.

This request was addressed in DWA 6.5.3.

Excerpt from the Lotus Notes and Domino Release 6.5.3 MR fix list (available at

Instant Messaging

  • SPR# PTUL628GWM - The enable instant messaging setting in Preference/other will not be available if DWA is not set up for using Lotus Sametime.

    for this posting

    On Friday, February 11th, 2005   by Chris Miller        

Testing the Premier Conferencing Adapter for Sametime 6.5.1

I finally got off my behind to start testing the new conferencing adapter.  Let's make this very simple.  Just download and install.  Well maybe.  There are a couple things to be aware of.
  1. The download includes an updated template for the Sametime Meeting Center (I always presumed this database name won't change since it is hard to type Lotus Web Conferencing Meeting Center onto a desktop icon).  This new template has some changes for the adapter, but of course will wipe out any customizations you might have made to your own template.  So, as always, back it up first before the install.
  2. Next is a catch with the Sametime Meeting Room Client (MRC651).  This downloadable piece that gets installed when you participate in meetings (remember the nice grey screen as you wait for a server, that is this downloading).  Well if the user does not have permission to install or this gets blocked then the meeting won't work either.

Now if you play with this new feature and don't like it or want to turn it off there are two simple steps you must perform.  Yeah simple, right.
1.        Open the stconfig.nsf database and edit the MeetingServices document. Set the Audio Bridge Services field value to "false."
2.        Run the "regedit" command and change the following registry setting to "0":

So we are playing with this new piece and will let you know as the test goes on.
    for this posting

    On Monday, February 7th, 2005   by Chris Miller        

Mail rules was brought up at Lotusphere more than once, so a quick bit of info

It seems that just because you remove/delete/disable a mail rule in a mailfile, it still can function as if it was enabled.  I did some searching and amazingly Lotus has issued some technical information on this.
You may observe that a deleted mail rule continues to function, even though it no longer appears in the Rules folder.  You may also observe that an enabled mail rule does not run.

So they go on to provide two scenarios where this might occur.  If you actually delete the rule, it might still be hidden.  They show steps to see the hidden rules that I wanted to pass on.
Look at the Calendar Profile using NotesPeek or LotusScript and you will still see the corresponding $FilterFormula_x field present.

Now there is a ton of resolution scenarios that are listed in the technote (#1088058) but this was the most important thing to pass on right away.
This occurs when a rule was deleted while it was still enabled.  This causes the rule entry in the Calendar Profile to not be removed.  In order to avoid this issue in the future you should be sure to always disable a mail rule prior to deleting it.  Ways to workaround this issue (and remove the rule entry from the Calendar Profile) are listed further below.

So make sure you disable the rule before removing it.  Seems to make a world of difference until this get sorted out in a future release.

    for this posting

    On Friday, February 4th, 2005   by Chris Miller        

DNS, CNAME and proper due diligence

So here is the scenario:
Place: Data Center with smiling sales rep and customer
Customer has a server for some time and adds a domain for web and mail as they merge with another company.  Following easy DNS we make a new DNS zone and create MX and A records for the new domain.  Wow, the world of the web and email is great

Place: Data Center and Customer Site (flip back and forth) with smiling people
Customer goes for years with awesome performance and no issues

Place: Customer site and Data Center with people running around and banging on keyboards
Customer fails to renew one of their original domains.  This domain was used in the reference for the CNAME and MX records for the merger.  Suddenly mail and the website cannot be found and no apparent reason.  After much troubleshooting we tracked it backwards and made the appropriate changes to get it back in line.

Place: Cubical with people with missing hair in patches
Closing scene with customer.   Phone conference explaining to them that they let one of their original domains expire.  This in turn broke the other domains that referred to it through CNAME and MX.

Writer summary: For gosh sakes check your DNS tables and make sure you are current on domain registrations
    for this posting

    On Thursday, February 3rd, 2005   by Chris Miller        

Of course I went and played with MSN Spaces for testing

Since I am coming up on two years of blogging soon, I like to goof around with new design ideas (as many of you have seen the site deign change over time).  But I don't mind trying out other blog templates or software just to see what I can integrate into mine.  With all the talk on Ed's blog about Microsoft and their numbers being published around Microsoft Spaces, I went to see what all the hoopla is about.

Creating the blog was just as easy as any other site.  Log in with your Passport of choice and choose a URL (of course my title was "IdoNotes more than Exchange".  Not bad.  You can then fly right into the blog itself or choose a color/theme for the blog.  No big deal, reminds me greatly of Quickplace to be honest.  Little snippets of the corner and color/theme and a checkbox you select before clicking Save.

Inside the blog the first thing I noticed was the 'admin' homepage.  It showed recent comments and even trackbacks.  I liked that.  What did catch my eye was the link on the left to add music lists.  Some of you know I am a music fiend.  The little hook they put in was it would read your playlists from Windows Media Player.

Image:Of course I went and played with MSN Spaces for testing

The do allow HTML as any web blog should do, but it is mentioned that some HTML may be removed for formatting and security.  I find this to be along the lines of they won't let you run any funny little scripts.  You can make book lists, blog lists or custom lists that get placed along the sides.   There are some pre-built categories for sorting the blog entries you make and you can provide your own as you go.
    for this posting

    On Monday, January 17th, 2005   by Chris Miller        

I had mentioned this notes.ini change once before for the Sametime server

Apparently this ini line was originally put into place to force users to a consistent UI for chat using the vpuserinfo.nsf database to store the buddy lists.  While in Domino 7 they are changing it permanently (well you can revert with another new notes.ini), 6.5.2 had a bug that uses this same notes.ini line to fix it.  Funny how these things creep in and out of versions.


In a Domino Web Access 6.5.2 mail file accessed via the browser, adding a name to the Buddy List from the Domino Directory does not work unless the hierarchical name is changed to a common name in exactly the correct case.

For example, if you attempt to add John Doe/ACME, you will not be able to in 6.5.2, although doing the same thing in versions 6.5.1 or 6.5.3 you will be able to add the name.

If the name is entered in 6.5.2 as John Doe, assuming John Doe is the correct case, the name will successfully be added.  However, entering John doe or john Doe or john doe or JOHN DOE, etc. will not work.


This issue appears to be isolated just to version 6.5.2.

As a workaround for the 6.5.2 Domino Web Access server, add the following parameter to the 6.5.2 Domino DWA server's Notes.ini file:


This setting will use the Sametime Connect for browsers user interface, rather than the Domino Web Access chat user interface.  

    for this posting

    On Tuesday, December 28th, 2004   by Chris Miller        

Small bug I was reminded of in 7.0 that is in 6.5.x

While working with a customer last week, we were attempting to get their SSL configuration up and running.  We both made the same fatal mistake.  We were in the Domino Administrator client on different servers so we could work in tandem in setting up the SSL keys and certificates.  We both connected to the proper server and went to the files tab.  From there we both opened certsrv.nsf (the certificate authority database) from the admin client.  Both of us crashed.

I run beta 2 of 7.0 and he runs a 6.5.x version.  Now opening the same database from the Notes client works just wonderfully, but not from admin.  Go figure.  Just a little tip.
    for this posting

    On Monday, December 27th, 2004   by Chris Miller        

You know how I love Trillian, some 3.0 release news

Trillian is making a bold move here from being a single source client, to it's own type client for behind the firewall.
Cerulean Studios has added support for Apple's Rendezvous protocol to its popular Trillian instant messaging application.

With Rendezvous support, Trillian now will offer serverless IM capabilities for users on the same LAN.

While all this is only available in the Pro version, they added another feature or two to entice you.
In the new Trillian 3.0, the Rendezvous plug-in allows employees on the same LAN to automatically discover each other for messaging, file transfers and videoconferencing.

Paid users also get access to plug-ins for connection to Jabber and Novell GroupWise Messenger, and video-chat support with enhanced logging capabilities.

Trillian 3.0 also adds several bells and whistles, including an "Instant Lookup" tool that integrates with the Wikipedia online encyclopedia to offer real-time information based on text conversations

With the Sametime plug-in that IBM Alphaworks currently has out, let's just figure out the licensing issues.
    for this posting

    On Tuesday, December 21st, 2004   by Chris Miller        

For those playing with the SIP gateway on Sametime

If you have installed the SIP gateway and are working with adding users from another Sametime community to your buddylist, you will find that you cannot add groups.  You must create a local group, that gets stored in vpuserinfo.nsf on your Sametime server, through your Sametime client, and then add people one at a time to that group.

 Of course, adding the group straight from their directory would be nice, but what would happen if you both had groups with the same name?  So I do get why they did it that way.  Mainly in the first implementation.


You use the Sametime Session Initiation Protocol (SIP) Gateway to chat with users in the external Sametime community and would like to add groups of SIP users to your buddy list instead of adding them one at a time.  Is this possible?


Currently, you can only add one external SIP user at a time to the Sametime Connect client buddy list.

An enhancement request to add a group of SIP users at one time to the buddy list has been submitted to Quality Engineering.

    for this posting

    On Monday, December 20th, 2004   by Chris Miller        

Mail journaling and duplicate emails

Once again the attendees at Admin2004 Europe come through with interesting questions.  This one came up in my SMTP Configuration sessions.  Not a lot of people are using mail journaling from what hands were raised each time I asked.  This seems to be a major difference in what requirements and needs are in place for American versus European countries.  But here is the problem and answer already pointed out by Lotus.

You have configured Domino Mail Journaling for your system and have configured the appropriate mail rules.  Mail Journaling is working as desired; however, occasionally a message is duplicated in the mail journaling database.  Why is this happening?


There are two scenarios in which duplicate journal entries can occur:

1.  A message is composed with at least one internal Domino recipient and at least one external SMTP recipient.  The message is duplicated as long as there is at least one internal and one external mail recipient.

2.  When all recipients are internal Domino users, they have different values for their preference for incoming messages in their Person Document in the Domino Directory (names.nsf).  For example, User1 has "Prefers MIME" option selected and User2 has "Prefers Notes Rich Text" option selected.  When a message is sent to User1 and User2, the message is duplicated in the mail journaling database.

As a workaround, try the following:

1.  Verify that the sender's "Format for messages addressed to internet addresses" on the Location document and set this value to the same value as the internal user's preference for incoming mail. For example, both are set to "Prefers Notes Rich Text" or "Prefers MIME".

2.  Set the mail format preference in the Person document the same value (either "Prefers Notes Rich Text" or "Prefers MIME" for all internal users.

Both scenarios have been reported to Quality Engineering team; however, there are no plans to address these issues in the R6 codestream.

    for this posting

    On Thursday, December 9th, 2004   by Chris Miller        

Forcing DWA users to use the Java Connect for Sametime

I came across this little gem today to force Domino Web Access Users to use the Sametime Java Connect chat interface instead of the integrated one.

    for this posting

    On Thursday, November 18th, 2004   by Chris Miller        

Don’t look at that pane, the window is broken


When you are working in your mailfile, Notes crashes. It does not happen every time, but you notice it happens more often when you have a preview pane open.

Your Notes client crashes in the following situations only when the preview pane is open:

  • while generally working in mail file
  • while moving a memo to a folder
  • while closing a document
  • while opening up an attachment


This issue was reported to Quality engineering and is under investigation. You can work around this issue by keeping the preview pane closed. The preview pane can be disabled by clicking the word "Preview" on its title bar or on the down arrow next to it.

    for this posting

    On Thursday, November 18th, 2004   by Chris Miller        

ILWWCM installation completed and my thoughts

I started talking about the IBM Lotus Workplace Web Content Management 2 installation last week.  At that point in time I was incredibly frustrated also since the Citrix servers we were using for the installations decided to go AWOL on me.  Later on Thursday evening it was back and I was back to work.

After a brief walk, much "shoot the monster' on the PS2, my head was clearer and I could get back to working with the configuration files.  I don't much like the effort of having to go into text editor for .properties and .cfg files to place absolute paths.  There was even a large environment variable that had to be manually entered into the Windows system.  That to me just seems wrong that the install package doesn't account for that yet.  Troubleshooting a typographic error there could take some time.  Troubleshooting ones in the text editor is much simpler.

So, getting back to the story.  You have to place the path where you place ILWWCM files, the node information for Websphere in some places, the host name (for gosh sakes) and definitely the port information over and over.  I would think it should come with the host name (pulled from what you type in during install) and append the port.  Then there could be specific instructions on how to modify it outside of the standard if you so desire.  I did a lot of Find-Replace commands with Wordpad as I went through the instructions.

There are also lines that you comment and uncomment with the # sign, but that is not so unusual and did not concern me as much since this is not a GUI type managed configuration.

But once installed, the management screen was consistent throughout the steps I went through on customization.  Some of the menu items were not easy to grasp at first why you only saw certain documents, but flipping around I could find what I wanted.

More later, phone........

    for this posting

    On Monday, November 8th, 2004   by Chris Miller        

IBM Lotus Workplace Web Content Manager 2 install

I am going through my first ILWWCM 2 installation.  This in turn brings back headaches and memories of my Lotus Workplace Messaging installation I talked about here.  So I am finding that the config files in the documentation still need a bunch of work and much of this should be automated.  There is too many config file changes that should be configured through GUI or part of the install itself.
    for this posting

    On Thursday, November 4th, 2004   by Chris Miller        

iNotes, DOLS and Windows XP SP2


Are IBM Lotus Domino Web Access (iNotes Web Access) and IBM Lotus Domino Off-Line Services (DOLS) supported under Windows XP with Service Pack 2?


Currently, neither Domino Web Access nor Domino Off-Line Services are supported when running on a Windows XP operating system that has Service Pack 2 installed.

Errors may occur when attempting to run DWA or DOLS on XP SP2.

Support for DWA and DOLS under Windows XP SP 2 is currently being researched.

    for this posting

    On Wednesday, November 3rd, 2004   by Chris Miller        

Still running a Sametime 3.01 CF1 server with the new integrated clients?


After installing a Sametime 3.0 Critical Fix 1 (CF1) server, users that connect to the server with a Sametime 6.5.1 client see the error message: "Application version does not match the server version. Please upgrade."


This is an issue with Sametime 3.0 CF1 and has been reported to Quality Engineering.

There are two ways to fix the problem:

1.  Disable Critical Fix 1.  In order to disable the Sametime 3.0 CF1 set the VP_SECURITY_LEVEL ini parameter in the sametime.ini to 0, as described in technote #1145812Link.
2.  Copy the stsecurity.exe file from a Sametime 6.5.1 server and use it to replace the original 3.1 CF1 version, as follows:

a.  Stop Domino on the 3.1 server.
b.  Rename stsecurity.exe to stsecurity.old.
c.  Copy the stsecurity.exe from the 6.5.1 server to the Program directory on the 3.1 server.
d.  Start Domino.

    for this posting

    On Friday, October 29th, 2004   by Chris Miller        

Should Debug_Outfile be used on a Domino 6.x server?

Straight from technote #1181562

Dynamic Console Logging

Starting with Domino 6.0, the Domino server creates a console.log file by default in the "IBM_TECHNICAL_SUPPORT" folder, which is located in the server's Data directory.  The development of the console.log file, which can be dynamically enabled and disabled at the server console, makes the use of the parameter debug_outfile no longer recommended.
For backwards compatibility, when debug_outfile is present in the notes.ini it takes precedence.  However, using the debug_outfile parameter is no longer the preferred method for capturing console output.

Console.log is superior to the use of "debug_outfile" because it can be dynamically enabled and disabled at the server console, thus eliminating delays capturing crucial data.  Server reboots are no longer required to begin capturing basic console logging, which is not the case when using the parameter debug_outfile.


  • There may be a few customers who wish to continue to use debug_outfile to rename the log file or to relocate the log file to a different directory via debug_outfile=\.
  • If you just want to relocate the directory these files are saved into, but are happy with the name of console.log, you can use another new parameter logfile_dir.  Here are some examples of these parameters at work
notes.ini parameters show server output
Diagnostic Directory:     C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT
Console Log File:           C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT\mylog.log
debug_outfile=C:\temp\mylog.log Diagnostic Directory:    C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT
Console Log File:           C:\temp\mylog.log
logfile_dir=C:\temp Diagnostic Directory:    C:\temp
Console Log File:           C:\temp\console.log
Diagnostic Directory:    C:\temp
Console Log File:           C:\temp\mytemp.log

  • If you place a debug_outfile=xxxxxx statement in your notes.ini and start the server, it will internally start writing to the log file, regardless of the value you might have set for CONSOLE_LOG_ENABLED (discussed below).  However, the log writing will still respond to stop consolelog to stop writing to the log.

    for this posting

    On Monday, October 25th, 2004   by Chris Miller        

A technote to share from one of my sessions

The session was on IM Tips and Tricks and then this same question came up at Ask the Experts on Monday evening.  The administrator wished to know how calendaring & scheduling interacted when reserving meeting rooms for Sametime meetings.  I was not sure of the workflow behind it off of the top of my head so I found this technote.  It was worth sharing with everyone so we understand the flow better.
How it Works
-  The Chairperson creates a meeting invitation in the Calendar view of his/her mail file and selects the option, "This is an Online Meeting".   The fields for the type of Online meeting, the meeting place and attachments appear.  

-  The Chairperson clicks the address picker for the place and selects the Online Meeting document from the Domino Directory.  

-  When the Chairperson clicks the 'Save and Send Invitations' action button, the meeting gets mailed to the Resource Reservations database.  

-  The router on the Resource Reservations database does a lookup on the meeting notice, and once the router finds the field called 'External Address' on the meeting, the meeting gets copied and then forwarded onto the external address.  The external address is the name of the Mail-in Database that is in the Domino Directory, usually named Stcs.nsf.  

-  In addition, the router mails a copy to the Sametime Meeting Center (Stconf.nsf).  The router autoprocesses the reservation and sends an accept notice from the Online Resource to the Chair.  The meeting is placed in the database for the external address, Stcs.nsf and the Sametime Meeting Center (Stconf.nsf) on the Sametime Server.

-  The meeting is tracked by the Notes Calendar Servlet (Stcal) by its meeting identifier, which is the APPTUNID.  When the Chair and invitees click the 'Attend Online Meeting' link in their meeting invitation, the browser opens the URL to the Sametime server with the link to the Stcal servlet, processing the meeting APPTUNID.

There you go, the flow of C&S when inviting a meeting room.

    for this posting

    On Wednesday, October 20th, 2004   by Chris Miller        

DCC is getting me Googled, that many need help on it?

Dynamic Client Configuration (DCC) filled up three days of postings.  But now that I have them out there and they are Google available, I see that many people are searching for information.  So here is one more posting.

I found a technote that linked to a Notes.Net article that can be found about Centrally Managing the Desktop. It was back from Domino 5 days but addresses many of the questions.
The components you can manage are:
Location documents
Connection documents
Account documents
The Mobile Directory

We'll show you how you can:
Move a mail file
Change an Internet address
Use a user setup profile to make location document modifications and add fields of your own design to the User Setup Profile
Add bookmarks and new replica stubs, including one for the mobile directory
Add new Internet server account information
Use multiple User Setup Profiles for users sharing computers

So take a peek at the article and the related articles, and we can close out DCC unless anyone emails me some questions.
    for this posting

    On Tuesday, October 12th, 2004   by Chris Miller        

Still have DCC on the brain?

So we have taken two looks at Dynamic Client Configuration (DCC) and what it does and how it does it.  Here is a tidbit of what it can't do.
You are using the Instant Messaging (IM) feature in the Lotus Notes 6.5x Client.  After changing the "Sametime Server" field in your Person document in the Domino Directory, the Notes Client fails to automatically update the "IBM Lotus Instant Messaging Server:" field in your Location document, despite the Dynamic Client Configuration (DCC) feature being configured correctly and working otherwise.

Well that really sucks you say, what is someone supposed to do if DCC didn't get updated to include this when you upgraded to 6.5x you say?
While the DCC picks up other changes from the Person document and makes the appropriate changes in the user's Location document, the "Sametime Server" field from the Person document is currently not being supported by the DCC.

This issue has been reported to Lotus software Quality Engineering and is currently being investigated.

As a workaround, you can configure a Sametime Server in Desktop Settings and an associated Explicit Policy, and assign it to the user in his/her Person document.  When the user accesses the Domino Server, the Location document will be updated according to the Desktop Settings/Policy.

So for those of you slacking on rolling out policies, there you go!  A reason to implement at least one piece.

    for this posting

    On Friday, October 8th, 2004   by Chris Miller        

Ed has me on the DCC information highway

I posted yesterday about some of the working of Dynamic Client Configuration (DCC).  Well Mr Brill himself chimed in with a theory on Domino 7.  While that is not documented yet, I went digging more on things DCC can do and how it functions.  Here is another bit I learned.  Then another post to follow later on more DCC info.
What is Dynamic Client Configuration?
Dynamic Client Configuration is the Notes Client process that synchronizes local Notes Client settings with the user profile stored on the Domino Server.  In Notes 5.x, DCC is used to sync user setup profiles.  In Notes 6.x, DCC works with Domino server Policies to sync desktop profiles as well as setup profiles.

OK, so now we defined what it actually is, how about how it runs locally?
Running DCC:
DCC is actually an executable file named Ndyncfg.exe and it exists in the Notes Program directory.  It runs automatically only on the first authentication the user has with the server for that day.  During the user's first authentication to the server, the server dynamic profile is compared with the client dyninfo object, which is stored in the Personal Address Book preferences.  If there are differences between the dynamic profile and the dyninfo object, DCC runs.  Otherwise, DCC will not run.  Technically, Ndyncfg.exe can be forced to run by typing "ndyncfg" at a DOS command prompt, but this is not the recommended method of running DCC manually.  DCC can be forced to run by clicking on Actions > Remove Address Book Preferences.  This clears the dyninfo object on the client, and de-synchronizes the client dyninfo object with the server dynamic profile forcing DCC to run on the client's next authentication with its home server.

Now we see how it kicks off and how to force it.  I tried it in some testing and yes, exactly as they say it seems.  There was a caveat which we can explore tomorrow.
    for this posting

    On Thursday, October 7th, 2004   by Chris Miller        

Playing around with Dynamic Client Configuration (DCC)

DCC itself is a wonderful piece of technology.  I remember seeing it for the first time when the beta for R5 was coming out and this DOS window would pop up, show a bunch of updating and then go away.  Later we learned what it was and what it did.  For those that don't actually know what action DCC performs:
Dynamic Client Configuration runs when the user authenticates with the server, and serves to update settings on the desktop from the Person document on the server and any Setup Profiles/Policies that are in place.

This of course has nothing to do with replication.  I bring this up since it was asked why DCC was not also being updated when replication took place.  DCC only occurs when the user actually authenticates, not replicates since they are already possibly authenticated and active.

This all boils down to that is a great synchronization tool, but policies far outweigh what we are attempting to do.
    for this posting

    On Wednesday, October 6th, 2004   by Chris Miller        

Why would you want to run multiple indexer tasks?

Let's make this plain and simple. A customer was having a hard time keeping up with a certain large database.  So they inquired on multiple indexers.  Here is what I found documented and wanted to share.
The Indexer works from a queue that contains various requests for databases to be indexed.  The Indexer reads a request from this queue, removes it from the queue, and performs the indexing functions.  Therefore a single Indexer task works on a single database that it pulled from the queue.  If a second request comes into the queue, the next indexer then removes the request from the queue and starts working on it.  If both of these requests are for the same database, then the two tasks will work on the same database.  More than likely, however, the two tasks will work on different databases.  

Multiple Update tasks can update different view indexes within the same database at the same time.  However, the full text index is one index; therefore multiple Update processes cannot update the same full text index.

NOTE:  Having multiple indexers does not mean that performance will improve.  Both tasks would be in contention for the same database semaphore.

In essence running more than one can be quite helpful, but not for full-text issues.
    for this posting

    On Friday, October 1st, 2004   by Chris Miller        

Want to know when Lotus support ends on a product?

Then this is the site for you.  The IBM Software Product Support Lifecycle.  No more guessing or trying to find your rep to tell you.  The have a nice alphabetical chooser at the top, but no search in case you don't know if it is considered IBM or Lotus or just under the product name.
    for this posting

    On Wednesday, September 29th, 2004   by Chris Miller        

Using Gmail for more than mail, sure you can (for now)

I came across this little bit of info on the web about using Gmail as a file storage facility, not just email.  Basically you can use GmailFS to do read, write, open, close and most other file level operations to operate on files stored in your Gmail account.  Quite the interesting read and neat idea.  Kudos to Richard Jones for making this tool.
    for this posting

    On Thursday, September 23rd, 2004   by Chris Miller        

Well if you won’t do Sender ID we will patent SPF, take that.

First AOL decides not to do the Microsoft Sender ID any longer.  Instead they are moving to SPF.  Microsoft is not happy but says this does not hamper their efforts.
America Online Inc.'s announcement Wednesday that it would abandon its attempts to support Microsoft's Sender ID e-mail authentication standard are a serious setback for the Redmond, Wash., software company.

AOL still will provide Sender ID information for outgoing mail so that its users can communicate with e-mail providers using that system, but that will be the limit of support for the standard. AOL, meanwhile, is moving ahead with its plans to implement the industry-standard Sender Policy Framework.

But shortly after, here comes a news announcement on a new Microsoft patent that, arguably by some, mocks the Sender Policy Framework (SPF) used.  Basically the supposed patent-free technology now has patents being applied for.
This time, a Microsoft patent made public Thursday appears to be broad enough to cover not only methods of the authentication algorithms for which Microsoft wants licensing but also the SPF (Sender Policy Framework) method being touted as a patent-free alternative, according to legal experts and participants in the e-mail authentication working group.

    for this posting

    On Monday, September 20th, 2004   by Chris Miller        

A way to crash Domino 7 admin client

I was at a customer site this week, as my daily readers know, using Domino 7 milestone 2 on my laptop for the work.  Well I have numerous domains set in File-Preferences-Adminsitration Preferences for all the domains we manage globally.  Here is what I found.

At the customer site, they have proxy servers and also restrict outbound 1352 traffic.  So I could not reach many of the destinations I had in preferences.  Well when launching the administrator client, it tried to reach the primary servers for the domains first, then the secondary.  Since it couldn't reach any of them, it started trying others.  What I started getting was numerous pop-ups stating it couldn't reach ServerX then ServerY and etc throughout the domains.  It go to the point they were coming up as fast as I could click OK on the pop-up.  Eventually the client just crashed and burned.  I took it as a one time anomaly at first, and tried again.  Apparently I was in a good mood since the same result.  The answer?  I removed many of the domains that I didn't use often from the preferences to get past it.
    for this posting

    On Thursday, September 16th, 2004   by Chris Miller        

More content ideas for the iPod

RSS feeds that give you music content.  I actually heard about this idea while I was in LA earlier this year from the guy that made years ago, but it seems someone beat him to it.
TiVo for iPod

Remember Adam Curry? He was one of the original MTV V-Jays,
before leaving the cable net for the inter net.  The latest
of his feline nine lives is a nifty way to transmogrify RSS
for the iPod. We've got all the details on "ipodder," which
will help you increase your music collection, and maybe even
TiVo-fy your iPod.

RSS Comes to iPod:

    for this posting

    On Wednesday, September 15th, 2004   by Chris Miller        

Sametime and large whiteboard files

As you start using Sametime for more and more meetings, all the sudden sales wants to use it for everything.  Well the whiteboard becomes a mainstay for them to show their slides and then draw like little kids at a Crayola party. Unfortunately, most of them do not understand compressing screenshots in gif images, they just paste the bitmap ones right in don't they?  The next call you get is a nondescript error from their browser as they attempt to attach these files to the Whiteboard.

Netscape at least gives you a nice HTTP error code of 500.  Microsoft Exploder only throws a Cannot find server or DNS error out for some reason.  But to make it short, here is why when you are running on Domino 6:
Sametime 3.1 and later releases run on a Domino 6 server.  Domino 6 introduced two new fields that can affect this:

1.  In the Server document > Internet Protocols tab > Domino Web Engine tab > POST Data section > Maximum POST data (in kilobytes) field.

2.  In the Server document > Internet Protocols tab > HTTP tab > HTTP Protocol Limits > Maximum size of request field.

Change the values of these fields accordingly.  Entering 0 in each of these fields allows unlimited size.

I would never recommend setting the value to zero, that is just asking for trouble in ways that no one has even dreamed up in error code land.
    for this posting

    On Monday, August 23rd, 2004   by Chris Miller        

Feedback from my last posting on DomainKeys

I saw I had one lonely comment on my last posting and was actually excited to see Chris Linfoot himself commented.  I don't go nearly as in depth as he does when talking about Domino and SMTP stuff (mainly because one area I want to do I am still under contract with The View not to write up for now).  But he linked to a posting of his that went into great detail that I enjoyed reading, as well as you should.

So let's just follow along on more of my thoughts and let the two postings work together.  Chris covers header changes and brings up a point I was getting to on the receiving side posting I was going to do actually.  Many of you scan, add fields and make all sorts of changes.  My thought here is that to make this work the right way would be an investment on the receiver side to place a SMTP box that does nothing but check DomainKeys before sending the message through.  This box would not scan, add fields, or do about anything but verify integrity.  This whole thing also assumes that the sender does nothing to the message past the point of the sending server that is listed with DomainKeys.

So Chris summed it up right there.  If there is changes made to the message after the sending and before the DomainKey can be verified, there is huge flaws in this plan.  While whitelisting is something I have been playing with internally, it has a long way to go since you require management of a private DNS whitelist or, you have to trust a public one, just as you do the blacklist sites.  I also pondered one thing, and that has to deal with S/MIME and keeping the encryption and digital signatures separate.  I would imagine the content is of course S/MIME and the wrapper of the message is DomainKeys, but what about digital signatures.  This is all leading me to a complete rewrite for verification that would cover all three.  I could see this draft coming somewhere down the road.  A single source solution that would eliminate having to keep track of whitelists, blacklists, keys for individuals and encryption.  A buffet of sorts.

I can see abuse of public whitelist servers, of people trying to get themselves listed.  How would that occur?  Well some sort of verification one would presume right?  And even if a domain is whitelisted, who is to say that is where it came from, or what if the sending SMTP host differs from the domain, as many of you companies do now.

OK, I had people coming in the office so I rambled through 14 topics in a short time, sorry about that.
    for this posting

    On Friday, August 20th, 2004   by Chris Miller        

Some thoughts on Domain Keys for SMTP

This is the proposal from Yahoo! for an SMTP standard for mail verification of sorts.  Basically it looks to verify if the sending domain was forged, through a form of key checking.  Today's discussion will take a quick peek at the steps required to set it up.  The diagram this describes can be found right here.
Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers.

Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server.

So if we follow this, you as the faithful email administrator, must create the key structure and get it published in DNS for the receiving servers to work with.  If you use a service provider for outbound email services, then there could be a longer delay or even non-support at getting this implemented.  I do like the idea of multiple keys for numerous domains.  Of course there could be management issues if DNS is not handled properly or no good tools are in place.  I cannot see handling this with text files and FTP.  A good management console would be a bonus.  Then your mail server must be able to go out and check the key for verification.  How many of you block servers from making outbound calls?  And then each call would need to go to the DNS server for the domain.  So making a simple list does not work.  You will get referred all over the place as you do now for web address lookups for browsing.

Tomorrow lets talk about the receiving side and put all this together.
    for this posting

    On Wednesday, August 18th, 2004   by Chris Miller        

How many of you are ready for DUCS?

I am being realistic in my approach here.  Are you prepared to totally unify all the communication needs or your enterprise (based on Domino Unified Communications)?  I can imagine there are some smaller shops that could move that direction quickly.  I see far too many sites that do not have speakers on the pc's, but then again how many people rarely even want their voicemail going over a speaker?  So do we provide headsets to everyone?  Could be an option.  No matter how small a voicemail can be in the mailbox, 1MB per message can get huge since there are those users that will soon say, well hey, now I can archive and save not only all my mail, but all my voicemail?  I suppose you could remove those from archiving.  What about quotas?  How does this add in?  Do you just take the voicemail system space used and add it to the mail server? Makes sense doesn't it?

I love the part of faxes coming to the inbox.  You do need to allot for DID or DTMF routing and numbers, which means acquiring more phone numbers for DID, or making people understand DTMF extensions.  I use eFax a lot now for those brief faxes, so I see benefit here.  Add a few phone lines to the server on a modem board and then allow people to send outbound also.  Makes sense to me since every fax machine in the world is still 14.4 baud and no faster.  So buying those 56k modems make no sense.  Save the money and buy slower fax modems.

The only other big catch is voicemail doesn't work with encrypted mail, so if you encrypt everything this is not the right thing for you to investigate at the current release level.  I know I can sound negative, but I always fall back into administration mode and how this will be architected.  Go read the full article I linked above and get more information for yourself.  The business reasons are definitely there.  The drive and need are there to centralize all this and provide multi-platform access.  It is driving the big bus up the hill that slows us down.
    for this posting

    On Tuesday, August 17th, 2004   by Chris Miller        

I installed the XP SP2 patch and what won’t work?

I took interest over the past week in seeing how the deployment of the SP2 patch for XP went with numerous people and partners through the forum.  I saw the whole array of answers from: this works, to this seems to be fine to the final Uh Oh!.  Microsoft themselves have now come out with a document on their site listing about 40 programs that are having issues.  Go take a peek for yourself to see if something you need is listed before you load SP2.

Even some games seemed to stop functioning.  John Head should have issues with Unreal Tournament versions not working, LOL
    for this posting

    On Monday, August 16th, 2004   by Chris Miller        

Microsoft announces enforcement of Sender ID

I talked about Domain Keys and Sender ID just a few days ago after my webcast. Well Microsoft has pushed ahead to start enforcement of it's proposal before everyone accepts it (as usual).
Microsoft announced (today) that starting October 1st, mail received by Hotmail, MSN, and would be subject to Sender ID validation. Un-authenticated messages will not be rejected, but they will be subject to a higher level of scrutinization than messages which are delivered with proper authentication credentials.

Since the current proposal for Sender ID record format will be compatible with most of the syntax of SPF, you can use the SPF Setup Wizard to help create the right DNS records for your domain.

I would investigate the SPF Setup Wizard to see if your domain servers are ready for this.  Mainly if you send a lot of mail to Microsoft directly.  I am sure they sent you announcements also, but a lot of businesses use MSN still for some reason.
    for this posting

    On Wednesday, August 11th, 2004   by Chris Miller        

Wireless management of Domino?

I am getting ready to test a new release from a Business Partner letting you remotely manage the Domino server wirelessly.  I am curious about security, SSL access and what commands can be run and limited.  This could be a help internally in the Data Center, while doing this from anywhere else concerns me greatly.  Here is the announcement on it, but you can get a beta of it now.
SolutionPlanet expects to release later this year its Admin-on-Air system, which lets Lotus Notes administrators manage and configure their Notes servers over cell phone or 802.11 links.

With wireless Terminal Services on the PocketPC, that lets me start and stop services already.  I would love to see the Java Controller over wireless though.  The best of both worlds, operating system and Domino all in one interface.
    for this posting

    On Friday, August 6th, 2004   by Chris Miller        

Reverse Proxies, enter the Matrix at your own risk

I entertained a Google the other day on Domino 6.5.1 and reverse proxies.  Well after some hunting around, I discovered that from release to release and product to product, reverse proxies are a mystical being.  It takes a level 5 or greater wizard with powers of redirection and multiple port casting abilities (Jess that was for your reading pleasure) to silence the TCP beast.  So I started conjuring up a grid of ingredients and thought it might be wise to share it.  Now this is only a very partial list (meaning no vendor hate mail please) done quickly, but gives you a starting point

Websphere Edge, Whale eGap, Neoteris
Domino Web Access
Whale eGap, Websphere Edge (no Gzip), Neoteris, Tivoli SecureWay, iPlanet Web Proxy
Workplace Team Collaboration
Workplace Messaging
Websphere Edge, Tivoli Policy Director, Netegrity
3.1 and 6.5.1
Websphere Edge, Whale eGap, Tivoli Webseal

    for this posting

    On Wednesday, July 21st, 2004   by Chris Miller        

The sound of a MIME and silencing him

After upgrading to Domino 6, which seems like eons ago now, the server started yelling out "Begin MIME to CD conversion" and soon after "End MIME to CD Conversion".  It was like a foreman at a production line.  You could notice it right after running a Tell Adminp Process All command for those that want to test.  But you will see it only announces this on mailfiles and mail-in databases.

Well AdminP cannot read MIME, so it must convert all those documents for AdminP to work on them.  Apparently this has been going on even in Domino 5 but Lotus hid those conversational messages from the console and log files.  So the MIME got a voice.  No fear, you can quiet him back down to hand signals only, with of course a notes.ini variable

    for this posting

    On Tuesday, July 20th, 2004   by Chris Miller        

Lost a password? Someone did as they searched my blog for answers

I enjoy going through Google and site searches to see what technical information people are looking for.  A bunch of us poke fun every so often at the silly searches that hit our blog.

So a recent one came in for lost passwords in Domino R5.  If you, as an admin, have not invested the time to implement password recovery in your organization, I would do that as soon as practical.  We could have a long winded dispute about id storage, default passwords on id files and recovery.  We might actually have it depending on responses and feedback here and email.

But if you are doing things the right way (this is in my eyes and darn it, this is my blog right?) then you are using unique passwords now, storing the id files in a secure encrypted database and have implemented password recovery.  If you have ventured into Domino 6 you might have even spent the time to migrate to the CA process.

Password recovery on certifiers are an entirely different matter, I realize that.  I am strictly speaking of user id files.  As for the Google search, you could attempt to use one of the brute force tools on the Internet that can be downloaded, but invest the time to also stop this from occurring in the future.  So do we need to discuss where and how to store id files?
    for this posting

    On Thursday, July 8th, 2004   by Chris Miller        

Apparently there is a few people with Trillian hacks out there

I am getting bombarded with Google hits for a free patch for Trillian Pro for the Yahoo! issue.  People must not have purchased a subscription to the pro version and are running hack ones.  Because with the paid version you just log in to the website and grab it or it even prompts you when you launch Trillian and it connects to them.  Shame shame.  No Yahoo for you!
    for this posting

    On Sunday, June 27th, 2004   by Chris Miller        

Who remembers Shimmer?

I was reading a technote (what a surprise there) when I started paying attention to the various keywords they use at the bottom so you can find them in a search.  Now I don't know who would still search for Shimmer at any point in time, but it brought back memories.  For those of you unfamiliar with the term, it was the first name for iNotes.  What is now Domino Web Access of course.  So the path was idea -> Shimmer -> iNotes -> Domino Web Access.   If you want to see where it all began you can read this original spec sheet Lotus put out from Jul 2001
    for this posting

    On Tuesday, June 22nd, 2004   by Chris Miller        

A Google search I had on iNotes6 and iNotes60 templates

I was checking the Google searches of the blog (and there was over 30 for yesterday for gosh sakes that most turned into site searches since I configured that feature) and one caught my eye.  Someone was looking for the differences between iNotes60.ntf and iNotes6.ntf templates.  Well as you can imagine I went and looked knowing that as I upgraded through the version it now has both templates on the server.  Heck it even has the iNotes5 as that is not deleted during upgrade for good reasons.

I did manage to find a technote (1158614) that dealt with the issue and provided the simple answer.  The iNotes60 template that shipped through 6.0.1 still related the design to the forms5.nsf database.  Then in 6.0.2 and the 6.5 releases, they added the forms6.nsf database.  Instead of re-pointing the iNotes60 template, which we all know would confuse users, they added the new one and then left it to you to change the template that was applied to user mailfiles.
    for this posting

    On Friday, June 18th, 2004   by Chris Miller        

Alan Lepofsky got some answers on auto-save

Alan was kind enough to dig out some answers and reply here with where the auto-saves will reside and how they can be accessed.  This could be quite useful in the long run.  Next thing you know users will be requesting to replicate up the autosave database so they don't lose it if their machine crashes.  I bet purge intervals for documents would be something the admin will want to look into on this so they don't grow too large locally also.
    for this posting

    On Thursday, June 17th, 2004   by Chris Miller        

Solution for last posting

I promised an update from the last posting.  Some digging around gave the following information about the emails that include the tracking software:
  • Mail comes from ( [])
  • img src="://" width="1" height="1"

I removed the http part above so it wasn't a hotlink but it shows the clear 1x1 gif image they embed.

So through some work with SpamJam we can block it by looking for that image or just blocking mail from that domain entirely.  You could of course use Domino for the domain blocking, but not the content piece.  Rampellsoft is of course the company that makes Spector, ViewRemote and TypeRecorderX that is local spyware to watch everything someone does on a PC.  So this is not a huge product step in their arsenal.
    for this posting

    On Monday, May 31st, 2004   by Chris Miller        

RFID this and maybe a kid too (taking a break from Lotus content today)

I read a great article about some new uses of RFID technology and had to share my thoughts.  I saw the first example in the article found here.
Amusement park Legoland in Billund, Denmark, has taken the concept of "lost and found" to a new level. If a child gets lost somewhere between Titania's Palace and Safari Park, a parent quickly can home in on the youngster's location using a cell phone and rented ID worn by the child.

At its opening day in March, the park launched this child-tracking system, which relies on radio frequency identification (RFID) and wireless LAN technology. If a child wearing a wireless-enabled wristband gets lost, parents can send a text message to an application called Kidspotter, which sends a return message stating the name and coordinates of the area of the park where the child is located.

I say low-jack those kids all the time.  Nothing better than yelling at them to come home for dinner.  They say they were three doors up the street, you know they were six blocks away where they shouldn't have been.  Ok, kidding aside, the park idea is brilliant for those parents that want the semi-young group to explore on their own some while being able to have an idea where they are.

I would like to see this used in schools more (as the article covers in the other example) for attendance.  The kids already have school id cards they wear or carry at most schools.  Why not add some RFID for attendance and purchasing school lunches.  They use a proximity reader and a PIN number and they have just bought lunch on their account. I like how the school uses it for attendance but I will let you read that.
    for this posting

    On Tuesday, May 25th, 2004   by Chris Miller        

so Google goofed on the Gmail accidentally

Users found themselves logging in to a wonderful surprise.  I know I talked about all the space they were giving users in the beta but this is a bit over the edge.
Several users of the search engine's Gmail Web-based e-mail service noticed Tuesday that their storage limits had quietly been raised to 1 million megabytes, or 1 terabyte. That's four times the typical capacity of a new high-end PC's hard drive.

I wonder what would have happened if you found time to fill more than 1GB when they made the mistake.  Would they delete your data or send nasty letters like a good Notes admin would to someone over their quota?

Yahoo has responded to this Gmail move by upping their space to 100MB over the current below 10MB that they offer.  Who says friendly competition is dead?
    for this posting

    On Wednesday, May 19th, 2004   by Chris Miller        

E-Pro: Internet Messaging Do’s and Don’ts

All administrators read the stories.  Internet messaging (e-mail) is a critical application for every enterprise in today’s world and needs caring administrators who have the  right knowledge to take care of it.  As you walk to your desk you also hear the one thing that makes the administrator shudder:”Can you do something about that spam?!?!?”

  • Enforce anti-relay policies and test your settings.  Domino 6 now sets a default in the configuration documents to stop some basic relaying on your server, but if you migrated from a previous version of Domino, your previous settings are maintained.
  • To learn how to quickly test your settings, see my previous e-Pro Magazine article on Troubleshooting Internet Messaging in Domino at, article ID 1999.
  • Authenticate all users for relay privileges.  You can choose not to authenticate local domain users, but if someone is forging an address then you’re defeating the purpose of this ability introduced in Domino 6 (you could do this previously but only if you locked the whole SMTP server down) The ability to modify these setting can be found in the Configuration document under the Router/SMTP – Restrictions and Controls – SMTP Inbound Controls – Inbound Relay Enforcement.
  • Use blacklists to reduce that spam.  Now that Domino 6 natively supports blacklists by adding them into the Server Configuration document’s DNS Blacklists Filter section, take advantage of the numerous free blacklist services that can be found!
  • Understand whitelists and their purpose for mail management.  Whitelists allow the administrator (or user, on local spam products) to allow certain messages to be allowed through your spam filters based on sender or domain  If an address is on both a whitelist and a blacklist, the whitelist will win, causing the message to be delivered. Whitelisting is not available natively in Domino, but there are third-party tools available.
  • Investigate purchasing a third-party spam filtering tool when Domino SMTP/Router and blacklists rules are not enough to reduce spam in your environment.
  • Create SMTP/Router rules in the Server Configuration document for better enterprise mail management . You can deny, sort, and route mail based on server-side rules of subject, sender, importance, and even recipient count! There are many others, investigate these options!  Remember server based rules effect everyone, not similar to mailfile rules users maintain on their own.
  • Change the setting in the Server Configuration document to not allow mail for local domain recipients not found in the Domino Directory (Domino 6 only). Enabling this setting reduces the amount of dictionary-attack spam clogging your on the server by not accepting mail that is destined for unknown names.
  • Try to use named groups or wildcard Server Configuration documents to control multiple servers at one time.  This gives you consistent control over numerous servers to ease administration and to make sure each server responds the same for troubleshooting.  Keep in mind there may be instances when a server will need specific configurations based on user needs, such as a  server that needs specific domains or users to be blocked while still aloowing other servers to receive the same mail.
  • Increase the number of databases on your system if you currently have only the default one (1).  This allows faster  processing of mail and increases performance (up to a certain point).  Busy SMTP servers benefit greatly from an additional  It can consume resources if you allow the server to have too many.  Best practices for the number of databases relies on server usage and mail load.  Remember, too many databases can have adverse effects!
  • Enable a maximum message size for mail messages.  A mistake many enterprises make is not establishing a balance between business need and convenience.  Is it convenient to accept 100MB messages via email?  Of course it is!  But does your business need large graphic packages or CAD drawings?  If not, you need to evaluate a business need for a size limit.  A majority of enterprises we deal with are very comfortable in the 15-20MB limit.  This also saves disk space and prevents someone from sending a large attachment to multiple users, possibly bringing your system to a halt.

  • Leave the default Configuration document settings that are created for each server.  By default a new Configuration document does have an anti-relay setting, as I mention above, but everything else is left to the administrator to configure.  There are great performance enhancements that can be found by understanding all the variables I am not able to fit here. I would suggest following the administration guide for a full description of each field and section.
  • Simply enable the setting to check for connecting host names in DNS.  Not all companies have correctly configured DNS, or their ISP does not allow reverse DNS entries for them.  This will have your system denying their mail to you.  While this is a very powerful feature at reducing spam, it immediately becomes noticeable that you will reject legitimate email.
  • You can also very senders domain in DNS instead of the connecting host.  By not checking the host in DNS (to protect false positives for ones that don’t allow reverse DNS), but instead checking the actual sender’s domain name, you can trim down unwanted emails that way also.  A legitimate sender should have a DNS entry correct?
  • Try to micro-manage who can and cannot receive Internet email. Maintaining that listing is a manual process that most administrators do not have time for.  I have only seen a couple companies that had reasons to only allow mail to certain people or addresses.
Internet email is a large topic with an incredible amount of settings inside of Domino.  I only gave you a few immediate tips, but to explore them all, get familiar with the configuration settings documents!!
    for this posting

    On Sunday, May 2nd, 2004   by Chris Miller        

Running 2.1.3 of Dominoblog now after upgrading

All seems to be well.  One last step is to move all the referrer and hit information to a separate database for space and replication savings!!  Woo hoo!
    for this posting

    On Saturday, April 24th, 2004   by Chris Miller        

Make the chicken dance, and well, other things not so nice

The new Burger King ad is coming out for the web.  (yes there is a technical edge here)  I heard about this on the radio the other day.  They took a bunch of shots of a man in a chicken suit, fill it into Flash and you can tell him what to do on the net.  Unfortunately someone reverse engineered it and found the developers put some very nasty things in there.  The man-in-chicken suit was supposed to shake his finger at those not so nice suggestions.
No matter what you type, the chicken will attempt to do it for you. Hop on one leg, lay down, stand on one leg, watch TV, etc. Try typing do the hustle. Obscene suggestions are rewarded by the chicken coming close to the camera and making a no-no sign with his, er, fingers.

 It just so happens that the developers were ready for you.  You can read more here and even see the darn main-in-chicken suit here.  Apparently they had 1 million hits in a day before the site even went public through announcements.
    for this posting

    On Thursday, April 15th, 2004   by Chris Miller        

There is a IF1 for 6.5.1 coming

Apparently we have something to look forward to (#1163495)  a week after the product release.

What are the known Lotus Team Workplace (QuickPlace) 6.5.1 and Lotus Instant Messaging and Web Conferencing (Sametime) 6.5.1 issues addressed by the Domino 6.5.1 Interim Fix Pack 1?

I would look for this to be out very quickly as people upgrade to the new versions.  I would check this one out to see if you are having these issues already.  Luckily we have not, be now we know to beware.

    for this posting

    On Thursday, March 25th, 2004   by Chris Miller        

Item #1 for the day

It seems as if the major of the performance issue has been fixed.  Sorry for the slow response for the past few days but after working with Steve of Dominoblog we found a loop error in some script that kept running.  It was all because of my March 8th posting that had some characters in the subject that gave the script some indigestion.  Sorry for the mental image but the server was heaving up it's lunch every minute all day trying to get past it.

So off we go!  RSS works once again!!  Sorry you couldn't get all the missing posts from the 8th to the 21st.  It won;t seem to kick those off, maybe resaving them might help.

    for this posting

    On Monday, March 22nd, 2004   by Chris Miller        

Quick course in extId and LDAP with Workplace

I have received numerous requests for assistance with LDAP after my Lotusphere presentation.  Well one key item re-appears time and time again with the requirement for a unique, never changing id in the schema for Workplace.  So here we go, I thought I would share.

Lotus Workplace requires an immutable ID in the LDAP directory to map Lotus Workplace member entries to LDAP person records.  When a user first logs in, an id is assigned to the user. This id is used to retrieve user-specific information, such as the contact list, and is also used internally for Team Space and Web Conference Access Control.  This id is used by Lotus Workplace as an internal representation of a user.

Now to take some info straight from a technote:
If the LDAP directory that you are using with Lotus Workplace already has an attribute whose value is unique, static, and never reused, you simply map that attribute to the extId attribute in Lotus Workplace. Most directory servers supported by Lotus Workplace products 1.1 have such an attribute, with the exception of Domino and IBM Directory Server 4.1. However, the default Websphere Member Manager settings for Lotus Workplace must be modified manually during installation in order to use this attribute for the Lotus Domino, Novell, Sun, and Microsoft Active Directory. If you do not make these changes, some Workplace features will not operate properly, and you may see any or all of the following problems:
  • Errors when creating Team spaces or Web conferences
  • Inability to add members to a Team space or Web conference with restricted access
  • Inability to add contacts to the My Contacts lists
  • Loss of access to Lotus Workplace data when a user's name changes

If your directory server does not contain a suitable extId attribute, Lotus Workplace can be configured to generate one. This typically requires you to modify your LDAP schema.

So what you see is that there must be: this field in either your existing LDAP schema; you must generate it on the fly; and you might manually configure Workplace to work with certain types of directories.  I see this process possibly getting easier in 2.0 or even sooner, but for now this step must be done.

This also has another feature, that when name changes are performed in things like Workplace Messaging, the system can do it 'lazy' in the background since the extId never changes!!!
    for this posting

    On Friday, March 12th, 2004   by Chris Miller        

oops, I see your BCC, please cover that up

It is always the strange ones we run across, that of course a technote already exists for.  See #1145366 for this one.

SPR Number SPR Status SPR Fixed Release
NTER5T2C7B Resolved/Fixed Lotus Workplace Messaging 1.1a


In IBM Lotus Workplace Messaging 1.1, you send a message with the To, CC, and BCC fields populated.  You go to the Sent folder and open the message, and then forward it.  You find, however, that the BCC recipient's name is displayed.


This issue was reported to Lotus software Quality Engineering and has been addressed in Workplace Messaging 1.1a.

Workaround:  Manually remove the BCC recipient's name before forwarding the message.

    for this posting

    On Monday, March 1st, 2004   by Chris Miller        

Well I fully tested the FullAdmin notes.ini setting from yesterday

It works wonderfully well.  Here are the steps I took to test it and verify it truly locked you out of the system when setting it.
  • I tested on a Domino 6.5.1 server on a blank database that I quickly created.  I removed myself entirely from the ACL, tried to get in and verified I was denied.  I then used the admin client and enabled Full Access Administration (from yesterdays posting) and I was able to manage and get into the database.  I then turned off Full Access Administration again and moved to the next step.
  • I logged into a remote live console and tried to use a Set Config command and it generated an error right away
This system variable cannot be set via the server console. You must edit NOTES.INI to set this variable.
  • So that was cool that you can't enable or disable it that way.  Next step was to do it through a web browser and use the Edit the notes.ini feature.
02/20/2004 08:41:17 PM  Agent message: 02/20/2004 08:41:17 PM  Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'                                                                                                    
02/20/2004 08:41:34 PM  Agent message: 02/20/2004 08:41:34 PM  Webadmin: Chris Miller remotely edited file ':\Lotus\Domino\notes.ini'                                                                                                    
02/20/2004 08:41:34 PM  Agent message: 02/20/2004 08:41:34 PM  Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
  • This of course works well, so then I restarted the server.  My concern was that you could come back and edit the notes.ini file again through the browser and change it back.
  • But no such luck!!  When you come back into webadmin.nsf the options to editthe notes.ini from the webadmin.nsf database are gone.  The only way to reset it is physical access to the machine to set the variable to '0' or remove that line entirely.

So very cool on the security and access front.  I had meant to fully test it even though I have implemented and used it per the documentation.  But now I feel great about using it and controlling it.  They have some guidelines and suggestions in the technote I referenced yesterday about account naming for use of this function.  I don't agree with all of those, but they are there at least.
    for this posting

    On Tuesday, February 24th, 2004   by Chris Miller        

Disabling Full Access Administrator Rights

Why would you want to do something so crazy as that?  To disable a new feature that provides the admin with logged, yet incredible access?  Well to restrict what the heck they can see still.  Sure, there is xACL for certain things, but that power is scary.   And as much as I don't like to say it, a lot of admins aren't sure of exactly what access this gives them.

Let's visit technote #7003449

What Rights Do Full Access Administrators Have?
This is the highest level of administrative access to the server.  Administrators who have full administrator access to the server have the following rights:
  • All the rights granted to "Administrators", plus
  • Manager access, with all roles and access privileges enabled, to all databases on the server, regardless of the database ACL settings
  • Manager access, with all roles and access privileges enabled, to the Web Administrator database (WEBADMIN.NSF)
  • Access to all documents within databases on the server, regardless of reader name field controls
  • Unrestricted agent rights
  • Overrides "Enforce a consistent ACL across all replicas" setting
  • Supersedes directory link ACLs and .ACL files

Note:  Full Access Admin does not allow access to read encrypted fields.  In the case of mail encryption (and other documents encrypted using public keys), the specified user's private key is required to decrypt.  In the case of document encryption using secret keys, the secret key is required to decrypt.

Image:Disabling Full Access Administrator Rights

Disabling the feature via the Notes.ini
Customers can disable this feature by setting SECURE_DISABLE_FULLADMIN=1 in Notes.ini.  When this value is set, the server will ignore any values in the Full Admin Access field in the server document.  This parameter cannot be reset via a remote or local console or via the server configuration document.  It can only be reset by editing the server's notes.ini file.  It is constructed so that a site that wishes to disable this feature in a way that it cannot be reenabled without direct access to the server's file system can do so.

So I am unsure if one should create a separate id file as suggested in that technote or attempt to know when to use the toggle yourself.
    for this posting

    On Monday, February 23rd, 2004   by Chris Miller        

Does the integrated buddy list get away from you in the client interface?


When moving the Notes instant messaging contact list off to the side, a user can inadvertently drag the contact list entirely off the screen.  If no part of the contact list remains visible, the user has nothing to click on to drag the contact list back into view.  How can the user recover the contact list?


The position of the Notes instant messaging contact list is recorded in the Notes.ini file.   You can recover the contact list by manually changing the coordinates for the contact list to a set that corresponds to the visible area of the screen.

To recover the contact list, do the following:

1.  Close Notes.

2.  Open the Notes.ini file in a text editor.

3.  Scroll down to the line that begins:  BuddyListPos=

4.  Replace the coordinates so that they correspond to the visible area of your screen.  For example:

BuddyListPos=678 186 311 558

If these numbers do not work for you, use the coordinates defined in the Notes.ini of a coworker who has the same display type.  

5.  Save the Notes.ini.

6.  Restart Notes.

    for this posting

    On Friday, February 20th, 2004   by Chris Miller        

Multi Server Sign-On (MSSO) and a bag of chips

We embarked on the greater task of implementing a LTPA token and single sign-on across the whole product suite.  Some immediate things that could be done better (yes we know there is more)
  • A simplified installer (Installshield or the like for Windows) on the Sametime cd#2 under toolkits that places the necessary files on the Sametime server and again that gets run for the QuickPlace server.  Yes there is only a few files that must be moved around, but the directories don't even exist and it is just too much manual work.
  • Adjust the stlinks.js and offline.gif files in the 6.5.1 release so you don't have to move them around manually for awareness to be correct in Domino Web Access.
  • Set the choice for awareness for Domino Web Access to use tokens or LTPA as part of one of the installation advanced choices
  • Remove the documentation conflicts for Sametime/QuickPlace integration that exist between technotes and steps to get the functionality working against a single LDAP directory.  (for example one says never use the Sametime or QuickPlace server as the LDAP source while another says 'using the Sametime server for LDAP'.  This confuses things later and leads to the next one.
  • Make it easy to move between primary LDAP directories on the Sametime server.  Moving from Domino Directory to LDAP was covered and documented, but not LDAP to LDAP as that becomes the required and directory of choice both for these.
Domino.Doc was fairly simple as is working with the client integration side for awareness, that was a nice relief.

Ok, I have one more issue that I will cover tomorrow around the new CA process.
    for this posting

    On Thursday, February 19th, 2004   by Chris Miller        

Is it legal for your AIM client to spam your buddies?

I came across this article that shows a program installed by users, mostly by those not sure they are actually loading it, into your AIM client that sends spam IM's under your IM name.
The program, which appeared yesterday, spreads by appearing to be a recommendation from an AIM user that encourages contacts to visit a Web page to download a video game....On visiting the site, users are prompted with an Internet Explorer security warning asking them if they wish to install and run the program "News Player Applet."

Now here is the catch, buried in the EULA they add a little something extra.
However, buried in the software's accompanying End User License Agreement (EULA) is a statement that AIM users who download it explicitly give their permission to send marketing messages to their Buddy List contacts. In this way, the program can spread itself by sending links to the Web page -- while seeming to come from a known contact.......

The program's EULA indicates that it was designed by Cambridge, Mass.-based PSD Tools LLC. The Terms read, in part, that "...the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or 'buddy' list regarding Content offered by PSD Tools or its suppliers."

Does anyone think that this is a bit fishy in the way they are using the hidden program in the EULA to update itself to send advertising to your buddy list, from you!!  After reading more information on it, it seems that it can update itself and send even more from your id.  You can get the full article on this, and information on how to find and uninstall it.
    for this posting

    On Saturday, February 14th, 2004   by Chris Miller        

Sametime and joining a Sametime Community (Dave found this gem for our client)

Apparently in a session at Lotusphere it was brought up that the octet of IP addresses have some bearing on how Sametime Communities function.  To me this makes no sense when I first read it but after reading some, it might seem a very plausible way that they solved an issue.  This is taken from Technote #7002563 in the Knowledgebase.
I.  How a Sametime server joins a Sametime community

A Sametime server comes online and checks its Domino Directory (names.nsf) for other Sametime servers.  Based on the IP addresses and the last Octet of the IP addresses, the Sametime server decides which server should contact which server.  If a server IP's last Octet is less than the server that just came online, then the first server online will initiate the connection to that server.  If a server's last Octet is greater than the last octet of the first server online, the first server online waits to be contacted by that server.

Without this algorithm in place, you would either have servers with multiple connections to and from each other or you would have servers that do not connect at all.

Note  All Sametime servers must connect directly to all other servers in the community.  The connections cannot be daisy-chained.  This process is the most efficient way to determine who needs to contact who in this full mesh.

The following formula can be used to determine how many connections are required in your Sametime environment:

(N * N-1)/ 2

(10 * (10 - 1))  / 2
(10 * 9) / 2
90 / 2

This takes care of creating a mesh of all the servers and makes a server a primary.  Which then in theory doesn't let all the servers acting like bosses.  Everyone knows you don't need a room of bosses and no one to actually to do the work.
    for this posting

    On Thursday, February 12th, 2004   by Chris Miller